VFS crash fixed
Pavel Roskin
proski at gnu.org
Wed May 23 00:13:42 UTC 2001
Hi, Andrew!
> : I remember rare crashes in MC after intensive use of different types of
> : VFS. This must be the fix for that problem.
>
> It seems now mc will crash after dereferencing of NULL(s).
It doesn't crash for me. I tested it very carefully.
The crash always happened in is_num(), and this function checks columns[idx]
before dereferencing it.
From what I see, the code is careful to call is_num() before calling
atol(), but some other libc functions may be indeed called with NULL, for
example, is_dos_date() may pass NULL to strlen().
Maybe some wrong input could crash MC. Connecting to a compromised ssh
server with fish may be a security risk.
> The real problem is a buffer overflow. There are a lot of places where
> index is incremented without checking of real number of members in columns.
> Maybe it is more right to write a columns () function to return nth element
> of that array.
What I really really want to do is to replace all that code with a yacc
program some day. The real problem is not having it.
> And now it is more right fill `columns' with pointers to empty string ("").
Let me think about it. I'll do it tomorrow unless I find something better.
--
Regards,
Pavel Roskin
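
The accessor idea raised in the thread (return the nth column through a function, and use "" rather than NULL for missing columns), sketched as an added example that is not part of the original message and not MC's code. `struct listing_line`, `MAX_COLUMNS`, `split_columns()`, `column()` and this simplified `is_num()` are hypothetical stand-ins.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_COLUMNS 30  /* assumed capacity, not taken from the MC source */

struct listing_line {
    char *columns[MAX_COLUMNS];
    int   count;              /* number of slots actually filled */
};

/* Split buf in place on blanks; stops filling when the array is full. */
static void split_columns(struct listing_line *l, char *buf)
{
    l->count = 0;
    for (char *tok = strtok(buf, " \t\r\n");
         tok != NULL && l->count < MAX_COLUMNS;
         tok = strtok(NULL, " \t\r\n"))
        l->columns[l->count++] = tok;
}

/* Bounds-checked accessor: never returns NULL, never reads past count. */
static const char *column(const struct listing_line *l, int idx)
{
    if (idx < 0 || idx >= l->count)
        return "";
    return l->columns[idx];
}

/* Safe for any index: the empty string is simply not a number. */
static int is_num(const struct listing_line *l, int idx)
{
    const char *s = column(l, idx);
    return isdigit((unsigned char)s[0]) != 0;
}

int main(void)
{
    /* Constructed sample: a listing line cut short after the owner field. */
    char line[] = "-rw-r--r-- 1 user";
    struct listing_line l;
    split_columns(&l, line);
    int idx = 1;
    printf("links numeric: %d\n", is_num(&l, idx++));
    idx += 2; /* a parser stepping past owner and group without checking */
    printf("size numeric: %d, date length: %zu\n",
           is_num(&l, idx), strlen(column(&l, idx + 1)));
    return 0;
}
```

With every read going through `column()`, an index that runs past the parsed fields yields an empty string, so calls such as strlen() or atol() on the result stay defined even for a short or malformed line.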