From viro@math.psu.edu  Wed Nov  4 05:53:49 1998
Received: from math.psu.edu (leibniz.math.psu.edu [146.186.130.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA25774
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 4 Nov 1998 05:53:47 -0800 (PST)
          (envelope-from viro@math.psu.edu)
Received: from hilbert.math.psu.edu (hilbert.math.psu.edu [146.186.130.197]) by math.psu.edu (8.8.5/8.7.3) with ESMTP id IAA07726 for <FreeBSD-gnats-submit@freebsd.org>; Wed, 4 Nov 1998 08:53:38 -0500 (EST)
Received: (viro@localhost) by hilbert.math.psu.edu (8.8.8/8.6.9) id IAA09242 for FreeBSD-gnats-submit@freebsd.org; Wed, 4 Nov 1998 08:53:38 -0500 (EST)
Message-Id: <199811041353.IAA09242@hilbert.math.psu.edu>
Date: Wed, 4 Nov 1998 08:53:38 -0500 (EST)
From: viro@math.psu.edu
Reply-To: viro@math.psu.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] SIGSEGV in nvi 1.79
X-Send-Pr-Version: 3.2

>Number:         8573
>Category:       bin
>Synopsis:       nvi 1.79 SIGSEGVs on any address in .exrc
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov  4 06:00:01 PST 1998
>Closed-Date:    Fri Sep 24 13:36:26 PDT 1999
>Last-Modified:  Fri Sep 24 13:40:00 PDT 1999
>Originator:     Al Viro
>Release:        FreeBSD 2.2.7-RELEASE i386
>Organization:
-ENOENT
>Environment:

	Any OS that doesn't like NULL dereferencing ;-/ Reproducible on
3.0, Linux, SunOS, Slowlaris...

>Description:

	ex/ex.c::ex_badaddr(sp,ba,cp,nret) passes cp->name to ex_emsg()
in the case where sp->ep is NULL. It doesn't check for cp != NULL. Bad, since
in many places it is explicitly called in such a setup. One of them (in
ex/ex.c):
1834:	/* No addresses permitted until a file has been read in. */
1835:	if (sp->ep == NULL && strchr("$0123456789'\\/?.+-^", *ecp->cp)) {
1836:		ex_badaddr(sp, NULL, A_EMPTY, NUM_OK);
	... which could as well be foo(*(char*)NULL)...
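	The following is an added illustration of the dereference described above and of the guard the patch below adds; it is example code written for this page, not nvi's source. The struct shapes (struct scr with ep, struct excmd with name), the model_emsg() wording, and the .exrc lines are assumptions constructed for the example; only the `cp ? cp->name : NULL` guard and the address-character set come from this PR.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Minimal stand-ins for the nvi structures the PR talks about (assumed
 * shapes, not nvi's real definitions): sp->ep is NULL until a file has
 * been read in, and cp->name is the command name used in error messages.
 */
struct excmd { const char *name; };
struct scr   { void *ep; };

#define EXM_NOFILEYET 1

/*
 * Model of ex_emsg(): builds the message into buf and returns it so the
 * result can be checked. The wording is constructed for this example.
 * A NULL name must be tolerated, because the fixed ex_badaddr() passes one.
 */
static const char *
model_emsg(char *buf, size_t len, const char *name, int which)
{
	if (which != EXM_NOFILEYET)
		return "";
	if (name == NULL)
		snprintf(buf, len, "Command failed, no file read in yet.");
	else
		snprintf(buf, len, "%s: command failed, no file read in yet.", name);
	return buf;
}

/* BEFORE the patch: cp is dereferenced unconditionally. With cp == NULL this
 * reads through a NULL pointer, the SIGSEGV the PR describes. */
static const char *
badaddr_before(char *buf, size_t len, struct scr *sp, struct excmd *cp)
{
	if (sp->ep == NULL)
		return model_emsg(buf, len, cp->name, EXM_NOFILEYET);
	return "";
}

/* AFTER the patch: the same guard the PR adds, cp ? cp->name : NULL. */
static const char *
badaddr_after(char *buf, size_t len, struct scr *sp, struct excmd *cp)
{
	if (sp->ep == NULL)
		return model_emsg(buf, len, cp ? cp->name : NULL, EXM_NOFILEYET);
	return "";
}

/* The trigger from ex.c line 1835: the address-character set is copied from
 * the quoted source. An .exrc line starting with one of these, processed
 * before any file is loaded, reaches ex_badaddr() with cp == NULL. */
static int
starts_with_address(const char *line)
{
	return *line != '\0' && strchr("$0123456789'\\/?.+-^", *line) != NULL;
}

/*
 * Model of the caller: returns the error text for an address-bearing
 * command when no file is loaded, or "ok" when the line would be accepted.
 * It calls the fixed variant; substituting badaddr_before() here crashes.
 */
static const char *
run_exrc_line(char *buf, size_t len, struct scr *sp, const char *line)
{
	if (sp->ep == NULL && starts_with_address(line))
		return badaddr_after(buf, len, sp, NULL);
	return "ok";
}

int
main(void)
{
	/* Constructed .exrc contents: one harmless setting, two addressed commands. */
	static const char *exrc[] = { "set ts=4", ".s/foo/bar/", "1,$d" };
	struct scr sp = { NULL };		/* no file read in yet */
	struct excmd cmd = { "substitute" };
	char buf[128];
	size_t i;

	/* Both variants behave when a command struct is supplied ... */
	printf("before, cp set : %s\n", badaddr_before(buf, sizeof buf, &sp, &cmd));
	printf("after,  cp set : %s\n", badaddr_after(buf, sizeof buf, &sp, &cmd));
	/* ... but only the fixed one survives the cp == NULL call the caller makes. */
	printf("after,  cp NULL: %s\n", badaddr_after(buf, sizeof buf, &sp, NULL));

	for (i = 0; i < sizeof exrc / sizeof exrc[0]; i++)
		printf("%-14s -> %s\n", exrc[i], run_exrc_line(buf, sizeof buf, &sp, exrc[i]));
	return 0;
}
```

	Compile with any C99 compiler and run it; the first line of .exrc is accepted while the two addressed lines produce the "no file yet" message instead of a crash.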

>How-To-Repeat:

	Just put any command with an address into .exrc. A plain .<whatever> will
do.

>Fix:

*** ex/ex.c	Thu Oct 10 18:49:46 1996
--- ex/ex.c.new	Wed Nov  4 02:32:49 1998
***************
*** 2307,2313 ****
  	 * underlying file, that's the real problem.
  	 */
  	if (sp->ep == NULL) {
! 		ex_emsg(sp, cp->name, EXM_NOFILEYET);
  		return;
  	}
  
--- 2307,2313 ----
  	 * underlying file, that's the real problem.
  	 */
  	if (sp->ep == NULL) {
! 		ex_emsg(sp, cp ? cp->name : NULL, EXM_NOFILEYET);
  		return;
  	}
  
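Review bot: the guard at the changed line only avoids the dereference; it relies on ex_emsg() accepting a NULL name for EXM_NOFILEYET, which this hunk does not show. Confirm that ex_emsg() handles name == NULL for that message before committing, and document in the ex_badaddr() header comment that cp may be NULL, since callers such as the one quoted above at ex.c line 1836 pass NULL explicitly.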

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Fri Sep 24 13:36:26 PDT 1999 
State-Changed-Why:  
Fixed in src/contrib/nvi/ex/ex.c,v 1.2. 
>Unformatted:
