VFS crash fixed

Pavel Roskin proski at gnu.org
Tue May 22 22:41:06 UTC 2001


Hello!

This is perhaps one of the most serious bugs in MC I have ever fixed. The
`columns' array wasn't cleaned up in vfs_split_text(). If the new string
had fewer fields (i.e. spaces) than the old one, then some of the values in
`columns' would point to the old string. Occasionally MC would try to
access the "old" memory. This can cause it to crash, since the filesystems
are freed after a timeout.

I don't have a reliable procedure to crash MC. I only know that it crashes
if I open a tar file and then go to a fish filesystem, then return to the
tar file and so on, three or four times. It also helps to select "Free
VFSs now" in the menu.

I remember rare crashes in MC after intensive use of different types of
VFS. This must be the fix for that problem.

__________________________
--- ChangeLog
+++ ChangeLog
@@ -2,2 +2,5 @@

+	* vfs.c (vfs_split_text): Fill `columns' with zeroes before
+	writing new data into it.
+
 	* fish.c (free_archive): Use `exit' instead of `logout' - the
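Review bot: the new ChangeLog entry for vfs_split_text records what is done ("Fill `columns' with zeroes") but not why. A short clause saying that entries left over from a previous, longer string would otherwise stay in the array would make the entry useful to someone reading the log later.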
--- vfs.c
+++ vfs.c
@@ -1326,6 +1326,8 @@ vfs_split_text (char *p)
     char *original = p;
     int  numcols;

+    memset (columns, 0, sizeof (columns));
+
     for (numcols = 0; *p && numcols < MAXCOLS; numcols++){
 	while (*p == ' ' || *p == '\r' || *p == '\n'){
 	    *p = 0;
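Review bot: the memset added at the top of vfs_split_text is only correct if `columns' is a true array in this scope, because sizeof (columns) on a pointer would clear just one pointer's worth of bytes. The declaration is outside the hunk, so please confirm it, or write the size as MAXCOLS * sizeof (columns[0]) to match the loop bound. Also note that slots at or beyond the returned numcols are now NULL instead of stale, so any caller that indexes `columns' without checking the count will dereference NULL; that fails predictably, but those callers are worth a look.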
__________________________

Regards,
Pavel Roskin
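The stale-pointer condition described in the message above, as an added example that is not MC's code: `split_text`, `stale_slots`, `demo`, the value of `MAXCOLS` and both sample lines are constructed for illustration. It parses a long line and then a short one into a static array, and counts the slots past the new field count that are still set, with and without the clearing step.

```c
#include <stdio.h>
#include <string.h>

#define MAXCOLS 8                /* assumed; the real value is not on the page */
static char *columns[MAXCOLS];   /* static: survives between calls */

/* Hypothetical stand-in for vfs_split_text(); clear_first = patched behaviour. */
static int split_text(char *p, int clear_first)
{
    int numcols;
    if (clear_first)
        memset(columns, 0, sizeof(columns));
    for (numcols = 0; *p && numcols < MAXCOLS; numcols++) {
        while (*p == ' ' || *p == '\r' || *p == '\n')
            *p++ = 0;                       /* terminate the previous field */
        if (!*p)
            break;                          /* only separators were left */
        columns[numcols] = p;
        while (*p && *p != ' ' && *p != '\r' && *p != '\n')
            p++;
    }
    return numcols;
}

/* Slots at index >= used that are still set: leftovers from an earlier call. */
static int stale_slots(int used)
{
    int i, n = 0;
    for (i = used; i < MAXCOLS; i++)
        n += (columns[i] != NULL);
    return n;
}

/* Parse a long line, then a short one; report the leftover pointers. */
int demo(int clear_first)
{
    char old_line[] = "-rw-r--r-- 1 user group 120 May 22 file"; /* constructed */
    char new_line[] = "total 4";                                  /* constructed */
    memset(columns, 0, sizeof(columns));    /* start each run from a clean state */
    split_text(old_line, clear_first);
    return stale_slots(split_text(new_line, clear_first));
}

int main(void)
{
    printf("unpatched: %d stale, patched: %d stale\n", demo(0), demo(1));
    return 0;
}
```

The leftover slots are only counted here, never dereferenced; in the situation the message describes, the buffer they point into has already been freed.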




