Re: Patch for bugzilla 753.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 8 Apr 2004 14:23:45 +0200 (CEST)

Please upload the patch to the bug report, if not there is a risk it gets
lost before my next round of Squid patching.

If the patch is already there, just comment in the bug report saying that
you'd like it committed and why.

Regards
Henrik

On Mon, 24 Nov 2003, David Wilder wrote:

>
>
>
>
> Please accept the following patch. This fixes the segmentation faults
> reported in bugzilla 753.
>
> The patch is against 2.5.STABLE4. The problem was reproduced on SuSE
> SLES-8 SP3 running on IBM zSeries (31-bit). However, the bug should be
> generic to all platforms.
>
> --- MemBuf.c.orig 2003-11-21 15:51:42.000000000 -0800
> +++ MemBuf.c 2003-11-21 16:00:18.000000000 -0800
> @@ -228,6 +228,7 @@
> void
> memBufVPrintf(MemBuf * mb, const char *fmt, va_list vargs)
> {
> + va_list ap;
> int sz = 0;
> assert(mb && fmt);
> assert(mb->buf);
> @@ -236,7 +237,12 @@
> while (mb->capacity <= mb->max_capacity) {
> mb_size_t free_space = mb->capacity - mb->size;
> /* put as much as we can */
> - sz = vsnprintf(mb->buf + mb->size, free_space, fmt, vargs);
> +
> + va_copy(ap,vargs); /* bug 753, the value of vargs is undefined
> + * after vsnprintf()
> returnes. Make a copy of vargs
> + * incase we loop around and call vsnprintf()
> again.
> + */
> + sz = vsnprintf(mb->buf + mb->size, free_space, fmt, ap);
> /* check for possible overflow */
> /* snprintf on Linuz returns -1 on overflows */
> /* snprintf on FreeBSD returns at least free_space on overflows */
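
Review bot: va_copy() in the added line ahead of vsnprintf() is a C99 macro, so if compilers without it are to stay supported this needs a configure-time check and a fallback such as __va_copy. As posted, the added comment has also been line-wrapped: "returnes. Make a copy of vargs" and "again." sit on lines with no leading "+", so the hunk no longer matches its "@@ -236,7 +237,12 @@" header and will not apply as is. Attaching the patch file to the bug report avoids that, and the comment's spelling ("returnes", "incase") can be fixed at the same time.
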
> @@ -245,6 +251,7 @@
> else
> break;
> }
> + va_end(ap);
> mb->size += sz;
> /* on Linux and FreeBSD, '\0' is not counted in return value */
> /* on XXX it might be counted */
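
Review bot: the va_end(ap) added after the loop's closing brace does not pair with the va_copy(ap, vargs) inside the loop. Every additional pass through the loop copies into ap again without ending the previous copy, and if the while condition is false on entry, va_end() runs on an ap that was never initialised. Move va_end(ap) to directly after the vsnprintf() call inside the loop so that each va_copy has exactly one matching va_end.
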
>
>
>
> David Wilder
> IBM Global Services, Linux Change Team
> wilder@us.ibm.com
> (503) 578-3789 T/L 775-3789
>
Received on Thu Apr 08 2004 - 06:23:53 MDT
