
[Findutils-patches] [PATCH 07/19] Fix Savannah bug #24283, find-4.5.2 -p


From: James Youngman
Subject: [Findutils-patches] [PATCH 07/19] Fix Savannah bug #24283, find-4.5.2 -printf %TY causes NULL pointer dereference
Date: Fri, 10 Apr 2009 23:53:04 +0100

---
 NEWS        |    2 ++
 find/pred.c |   17 ++++++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index fbaaf3b..3dd4483 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,8 @@ declarations to follow statements.
 #25144: Misleading error message when argument to find -user is an
 unknown user or is missing.
 
+#24283: -printf %TY causes NULL pointer dereference on Solaris.
+
 #24169: find would segfault if the -newerXY test was not followed by
 any argument.
 
diff --git a/find/pred.c b/find/pred.c
index 3a829bc..92da9fc 100644
--- a/find/pred.c
+++ b/find/pred.c
@@ -2068,7 +2068,7 @@ static char*
 do_time_format (const char *fmt, const struct tm *p, const char *ns, size_t 
ns_size)
 {
   static char *buf = NULL;
-  static size_t buf_size = 0u;
+  static size_t buf_size;
   char *timefmt = NULL;
   boolean done = false;
   struct tm altered_time;
@@ -2092,10 +2092,21 @@ do_time_format (const char *fmt, const struct tm *p, 
const char *ns, size_t ns_s
   else
     altered_time.tm_sec += 11;
 
+  /* If we call strftime() with buf_size=0, the program will coredump
+   * on Solaris, since it unconditionally writes the terminating null
+   * character.
+   */
+  buf_size = 1u;
+  buf = xmalloc (buf_size);
   while (!done)
     {
-      const size_t buf_used = strftime (buf, buf_size, timefmt, p);
-      if (0 != buf_used)
+      /* I'm not sure that Solaris will return 0 when the buffer is too small.
+       * Therefore we do not check for (buf_used != 0) as the termination
+       * condition.
+       */
+      size_t buf_used = strftime (buf, buf_size, timefmt, p);
+      if (buf_used             /* Conforming POSIX system */
+         && (buf_used < buf_size)) /* Solaris workaround */
        {
          char *altbuf;
          size_t i, n;
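Review bot: The unconditional `buf_size = 1u; buf = xmalloc (buf_size);` added before the loop overwrites the function-static `buf` on every call, so the buffer left by the previous call is never freed and the size it had grown to is discarded. With a `-printf` format containing a %T directive, that would be one leaked allocation per formatted timestamp, and the buffer has to grow again from one byte each time. Guarding the initialisation keeps the Solaris fix (strftime is never handed a zero-sized buffer) without the leak: `if (buf == NULL) { buf_size = 1u; buf = xmalloc (buf_size); }`. The part of the loop that grows the buffer and the end of do_time_format lie outside the hunk, so this assumes `buf` is not freed before the function returns.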
-- 
1.5.6.5




