Debian bug report logs - #1764
/bin/kill segfaults

Package: bsdutils; Reported by: Herbert Xu <herbert@greathan.apana.org.au>.

Message received at debian-bugs:


From ion.apana.org.au!greathan.apana.org.au!herbert Wed Oct 25 04:25:31 1995
Return-Path: <greathan.apana.org.au!herbert@ion.apana.org.au>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0t83xW-00027fC; Wed, 25 Oct 95 04:25 PDT
Received: from ion.apana.org.au by pixar.com with SMTP id AA19246
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Wed, 25 Oct 1995 04:24:54 -0700
Received: (from herbert@localhost) by greathan.apana.org.au (8.6.12/8.6.6) id PAA08510 for debian-bugs@pixar.com; Wed, 25 Oct 1995 15:40:36 +1000
From: Herbert Xu <herbert@greathan.apana.org.au>
Message-Id: <199510250540.PAA08510@greathan.apana.org.au>
Subject: /bin/kill segfaults
To: debian-bugs@pixar.com
Date: Wed, 25 Oct 1995 15:40:09 +1000 (EST)
X-Mailer: ELM [version 2.4 PL24 PGP2]
Content-Type: text
Content-Length: 1960      

Package: bsdutils
Version: 1.3-1

It is trivial to make /bin/kill segfault:
$ /bin/kill -l
INT QUIT ILL TRAP ABRT UNUSED FPE KILL USR1 SEGV USR2 PIPE ALRM TERM STKFLT CHLD
Segmentation fault (core dumped)

The appended patch fixes the bug.  I suspect the person who wrote the code
has had some bad memories about Pascal :)

PS NSIG is the largest valid signal number + 1.

-- 
A.  B <=> True			B.  A <=> False
Email:  Herbert Xu ~{PmV>HI~} <herbert@greathan.apana.org.au>
PGP Key:  pgp-public-keys@pgp.mit.edu or any other key sites
--
--- kill.c.orig	Wed Mar 22 05:57:31 1995
+++ kill.c	Wed Oct 25 15:33:21 1995
@@ -57,8 +57,8 @@
   "QUIT",			/* 3 */
   "ILL",			/* 4 */
   "TRAP",			/* 5 */
-  "ABRT",			/* 6 */
-  "UNUSED",			/* 7 */
+  "IOT",			/* 6 */
+  "BUS",			/* 7 */
   "FPE",			/* 8 */
   "KILL",			/* 9 */
   "USR1",			/* 10 */
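Review bot: replacing "ABRT" with "IOT" at slot 6 removes a name that users already type. The name lookup further down compares the argument against this table with strcasecmp, so after this change `kill -ABRT pid` no longer matches any entry and is rejected, while `kill -l` stops listing ABRT. SIGABRT and SIGIOT share number 6 on Linux, so consider keeping "ABRT" as the table entry and accepting "IOT" as an alias in the lookup. The "UNUSED" to "BUS" change at slot 7 looks right.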
@@ -74,6 +74,15 @@
   "TSTP",			/* 20 */
   "TTIN",			/* 21 */
   "TTOU",			/* 22 */
+  "URG",			/* 23 */
+  "XCPU",			/* 24 */
+  "XFSZ",			/* 25 */
+  "VTALRM",			/* 26 */
+  "PROF",			/* 27 */
+  "WINCH",			/* 28 */
+  "IO",				/* 29 */
+  "PWR",			/* 30 */
+  "UNUSED",			/* 31 */
   NULL
 };
 #endif /* __linux__ */
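Review bot: the new entries 23 to 31 are tied to their signal numbers only by position and by the trailing comments, and nothing checks that the table length still matches NSIG, which is the mismatch that produced the segfault in the first place. A compile-time check that the array holds NSIG - 1 names plus the NULL terminator (for example a negative-size array typedef on `sizeof(sys_signame) / sizeof(sys_signame[0]) != NSIG`) would make the next drift a build error instead of a crash.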
@@ -105,7 +114,7 @@
 		if (isalpha(**argv)) {
 			if (!strncasecmp(*argv, "sig", 3))
 				*argv += 3;
-			for (numsig = NSIG, p = sys_signame + 1; --numsig; ++p)
+			for (numsig = NSIG, p = sys_signame; --numsig; ++p)
 				if (!strcasecmp(*p, *argv)) {
 					numsig = p - sys_signame;
 					break;
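Review bot: the unchanged line `numsig = p - sys_signame;` becomes off by one with the new loop start. The `kill -l` output in the report begins at INT while the old code started at `sys_signame + 1`, so index 0 holds HUP (signal 1) and index i holds signal i + 1. With `p = sys_signame`, a match on "INT" now yields 1 instead of 2, and a match on "HUP" yields 0, the same value the `--numsig` countdown leaves when nothing matches. Suggest `numsig = p - sys_signame + 1;` together with the start change.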
@@ -116,7 +125,7 @@
 			numsig = strtol(*argv, &ep, 10);
 			if (!*argv || *ep)
 				errx(1, "illegal signal number: %s", *argv);
-			if (numsig <= 0 || numsig > NSIG)
+			if (numsig <= 0 || numsig >= NSIG)
 				nosig(*argv);
 		} else
 			nosig(*argv);
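Review bot: the new bound `numsig >= NSIG` is correct only because NSIG is the largest valid signal number + 1, as the PS in the report says; a one-line comment stating that above the check would keep it from being changed back to `>`. Separately, the `!*argv` test on the line before it runs after `strtol(*argv, &ep, 10)` has already used the pointer, so it guards nothing and could be dropped or moved ahead of the call.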
@@ -156,7 +165,7 @@
 	const char *const *p;
 	int cnt;
 
-	for (cnt = NSIG, p = sys_signame + 1; --cnt; ++p) {
+	for (cnt = NSIG, p = sys_signame; --cnt; ++p) {
 		(void)fprintf(fp, "%s ", *p);
 		if (cnt == NSIG / 2)
 			(void)fprintf(fp, "\n");
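Review bot: the loop in printsig still trusts `cnt = NSIG` to match the number of table entries, so any future mismatch between NSIG and the table walks past the end again. The table is NULL-terminated, so iterating with `for (p = sys_signame; *p; ++p)` and keeping a separate counter for the line break at `NSIG / 2` would make the listing safe regardless of the table length.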

Acknowledgement sent to Herbert Xu <herbert@greathan.apana.org.au>:
New bug report received and forwarded. Full text available.
Report forwarded to debian-devel@pixar.com:
Bug#1764; Package bsdutils. Full text available.
Ian Jackson / iwj10@thor.cam.ac.uk, with the debian-bugs tracking mechanism
This page last modified 07:43:01 GMT Wed 01 Nov