kern/140386: segfault in fmtmsg(3) with MM_NULLACT

FreeBSD xxx.org 7.2-STABLE FreeBSD 7.2-STABLE #4: Sun Oct  4 19:58:35 UTC 2009     xxx.org:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
obvious bug in /usr/src/lib/libc/gen/fmtmsg.c

>How-To-Repeat:
#include <fmtmsg.h>

int main(int argc, char * argv[])
{
    fmtmsg(MM_UTIL | MM_PRINT, "BSD:ls", MM_ERROR,
            "illegal option ‐‐ z", MM_NULLACT, "BSD:ls:001");
    return 0;
}

gcc main.c
./a.out dumps core

>Fix:


Patch attached with submission follows:

--- fmtmsg.c.bak 2009-11-08 15:01:29.000000000 +0300
+++ fmtmsg.c 2009-11-08 15:09:08.000000000 +0300
@@ -128,7 +128,7 @@
  size += strlen(sevname);
  if (text != MM_NULLTXT)
  size += strlen(text);
- if (text != MM_NULLACT)
+ if (act != MM_NULLACT)
  size += strlen(act);
  if (tag != MM_NULLTAG)
  size += strlen(tag);


>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
freebsd-bugs@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@..."

Synopsis: segfault in fmtmsg(3) with MM_NULLACT

State-Changed-From-To: open->patched
State-Changed-By: brueffer
State-Changed-When: Sun Nov 8 15:03:05 CET 2009
State-Changed-Why:
Committed, thanks!


Responsible-Changed-From-To: freebsd-bugs->brueffer
Responsible-Changed-By: brueffer
Responsible-Changed-When: Sun Nov 8 15:03:05 CET 2009
Responsible-Changed-Why:
MFC reminder.

http://www.freebsd.org/cgi/query-pr.cgi?pr=140386
_______________________________________________
freebsd-bugs@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@..."