From shigio@wafu.netgate.net  Mon Oct 20 07:31:51 1997
Received: from wafu.netgate.net (wafu.netgate.net [204.145.147.80])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA25789
          for <FreeBSD-gnats-submit@freebsd.org>; Mon, 20 Oct 1997 07:31:51 -0700 (PDT)
          (envelope-from shigio@wafu.netgate.net)
Received: from chiota.signet.or.jp (INS150.tama.dti.ne.jp [210.159.144.104]) by wafu.netgate.net (8.7.5/8.7.3) with ESMTP id GAA16658 for <FreeBSD-gnats-submit@freebsd.org>; Mon, 20 Oct 1997 06:32:23 GMT
Received: (from shigio@localhost) by chiota.signet.or.jp (8.8.5/) id VAA22112; Mon, 20 Oct 1997 21:30:05 +0900 (JST)
Message-Id: <199710200632.GAA16658@wafu.netgate.net>
Date: Mon, 20 Oct 1997 21:30:05 +0900 (JST)
From: shigio@wafu.netgate.net
Reply-To: shigio@wafu.netgate.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: ctags(1) write to buffer beyond the end of it.
X-Send-Pr-Version: 3.2

>Number:         4812
>Category:       misc
>Synopsis:       ctags(1) write to buffer beyond the end of it.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 20 07:40:00 PDT 1997
>Closed-Date:    Sun Apr 19 11:00:54 PDT 1998
>Last-Modified:  Sun Apr 19 11:01:11 PDT 1998
>Originator:     Shigio Yamaguchi
>Release:        FreeBSD 2.2.2-RELEASE i386
>Organization:
Freelance programmer
>Environment:

	All environments

>Description:

	Ctags writes to a buffer beyond the end of it when the source file
	doesn't end with '\n'. This causes a segmentation fault.

>How-To-Repeat:

	% echo -n 'main(){}' > main.c
	% ctags -x main.c
	Segmentation fault (core dumped)

>Fix:

	[/usr/src/usr.bin/ctags/print.c]

	*** print.c.org	Mon Oct 20 19:16:43 1997
	--- print.c	Mon Oct 20 19:40:27 1997
	***************
	*** 59,65 ****
		saveftell = ftell(inf);
		(void)fseek(inf, lineftell, L_SET);
		if (xflag)
	! 		for (cp = lbuf; GETC(!=, '\n'); *cp++ = c)
				continue;
		/*
		 * do all processing here, so we don't step through the
	--- 59,65 ----
		saveftell = ftell(inf);
		(void)fseek(inf, lineftell, L_SET);
		if (xflag)
	! 		for (cp = lbuf; GETC(!=, EOF) && c != '\n'; *cp++ = c)
				continue;
		/*
		 * do all processing here, so we don't step through the
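
Review bot: the replacement loop condition under if (xflag) still places no bound on cp, so a line longer than lbuf would write past its end just as the missing-newline case did. GETC(!=, EOF) && c != '\n' stops only on end of file or newline; add a third test that keeps cp short of the end of lbuf, so that *cp++ = c runs only while room remains. It is also worth checking that c is declared int, since a comparison against EOF is unreliable when the value is held in a char.
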
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Sun Apr 19 11:00:54 PDT 1998 
State-Changed-Why:  
committed, thanks! 
>Unformatted:
