From nobody@FreeBSD.org  Sat Aug 25 12:55:22 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 0F60B37B403
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 25 Aug 2001 12:55:22 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f7PJtMl22578;
	Sat, 25 Aug 2001 12:55:22 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200108251955.f7PJtMl22578@freefall.freebsd.org>
Date: Sat, 25 Aug 2001 12:55:22 -0700 (PDT)
From: Michael Joyner <wolfieee@wolf.dyns.cx>
To: freebsd-gnats-submit@FreeBSD.org
Subject: mtoolsfm has serious bug when started in paths > 49 char's.
X-Send-Pr-Version: www-1.0

>Number:         30083
>Category:       ports
>Synopsis:       mtoolsfm has serious bug when started in paths > 49 char's.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 25 13:00:01 PDT 2001
>Closed-Date:    Mon Aug 27 18:50:55 PDT 2001
>Last-Modified:  Mon Aug 27 18:51:24 PDT 2001
>Originator:     Michael Joyner
>Release:        4.3-20010721-STABLE
>Organization:
Edward Waters College
>Environment:
FreeBSD host100.internal 4.3-20010721-STABLE FreeBSD 4.3-20010721-STABLE #1: Sun Aug  5 16:39:18 EDT 2001     root@:/usr/src/sys/compile/workstation  i386 
>Description:
The mtoolsfm port has a routine that is supposed to dynamically
resize the buffer for getcwd.
This code is seriously flawed and will fail if mtools starts up
in a dir that is greater than 49 chars.
>How-To-Repeat:
Start up mtools in a dir that is greater than 49 bytes in length.
>Fix:
--- mtoolsfm.c.orig     Sat Aug 25 15:30:09 2001
+++ mtoolsfm.c  Sat Aug 25 15:36:21 2001
@@ -463,15 +463,21 @@
   char *path = NULL;
   char *position;
   char *nextposition;
+  unsigned int path_length=50;
+  unsigned int path_add=50;
+
   if (debug) {
     printf ("In gethdpath()\n");
     printf ("  whichside: %p\n", whichside);
   }
   clearpath (whichside);
   errno = 0;
-  path = malloc (50 * sizeof (char));
-  while ((!getcwd (path, 49)) && (errno == ERANGE))
-    path = g_realloc (path, (strlen (path) + 50) * sizeof (char));
+  path = malloc (path_length * sizeof (char));
+  while ((!getcwd (path, path_length - 2)) && (errno == ERANGE))
+       {
+               if (debug) printf("  getcwd buffer resize: errno=%d, path_length=%d, path=%s\n",errno,path_length,path);
+               path = g_realloc (path, (path_length+=path_add) * sizeof (char));
+       }
   strcat (path, "/");
   if (debug)
     printf ("  path: %s\n", path);
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: petef 
State-Changed-When: Mon Aug 27 18:50:55 PDT 2001 
State-Changed-Why:  
I just committed an update to bring mtoolsfm to version 1.9.3, which includes 
this fix. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=30083 
>Unformatted:
