Debian bug report logs - #1764
/bin/kill segfaults

Package: bsdutils ; Reported by: Herbert Xu
<herbert@greathan.apana.org.au>.
-----------------------------------------------------------------------

Message received at debian-bugs:


From ion.apana.org.au!greathan.apana.org.au!herbert Wed Oct 25 04:25:31 
1995
Return-Path: <greathan.apana.org.au!herbert@ion.apana.org.au>
Received: from pixar.com by mongo.pixar.com with smtp
        (Smail3.1.28.1 #15) id m0t83xW-00027fC; Wed, 25 Oct 95 04:25 PDT
Received: from ion.apana.org.au by pixar.com with SMTP id AA19246
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Wed, 25 Oct 1995 
04:24:54 -0700
Received: (from herbert@localhost) by greathan.apana.org.au 
(8.6.12/8.6.6) id PAA08510 for debian-bugs@pixar.com; Wed, 25 Oct 1995 
15:40:36 +1000
From: Herbert Xu <herbert@greathan.apana.org.au>
Message-Id: <199510250540.PAA08510@greathan.apana.org.au>
Subject: /bin/kill segfaults
To: debian-bugs@pixar.com
Date: Wed, 25 Oct 1995 15:40:09 +1000 (EST)
X-Mailer: ELM [version 2.4 PL24 PGP2]
Content-Type: text
Content-Length: 1960      

Package: bsdutils
Version: 1.3-1

It is trivial to make /bin/kill segfault:
$ /bin/kill -l
INT QUIT ILL TRAP ABRT UNUSED FPE KILL USR1 SEGV USR2 PIPE ALRM TERM 
STKFLT CHLD
Segmentation fault (core dumped)

The appended patch fixes the bug.  I suspect the person who wrote the 
code
has had some bad memories about Pascal :)

PS NSIG is the largest valid signal number + 1.

-- 
A.  B <=> True                  B.  A <=> False
Email:  Herbert Xu ~{PmV>HI~} <herbert@greathan.apana.org.au>
PGP Key:  pgp-public-keys@pgp.mit.edu or any other key sites
--
--- kill.c.orig Wed Mar 22 05:57:31 1995
+++ kill.c      Wed Oct 25 15:33:21 1995
@@ -57,8 +57,8 @@
   "QUIT",                      /* 3 */
   "ILL",                       /* 4 */
   "TRAP",                      /* 5 */
-  "ABRT",                      /* 6 */
-  "UNUSED",                    /* 7 */
+  "IOT",                       /* 6 */
+  "BUS",                       /* 7 */
   "FPE",                       /* 8 */
   "KILL",                      /* 9 */
   "USR1",                      /* 10 */
@@ -74,6 +74,15 @@
   "TSTP",                      /* 20 */
   "TTIN",                      /* 21 */
   "TTOU",                      /* 22 */
+  "URG",                       /* 23 */
+  "XCPU",                      /* 24 */
+  "XFSZ",                      /* 25 */
+  "VTALRM",                    /* 26 */
+  "PROF",                      /* 27 */
+  "WINCH",                     /* 28 */
+  "IO",                                /* 29 */
+  "PWR",                       /* 30 */
+  "UNUSED",                    /* 31 */
   NULL
 };
 #endif /* __linux__ */
@@ -105,7 +114,7 @@
                if (isalpha(**argv)) {
                        if (!strncasecmp(*argv, "sig", 3))
                                *argv += 3;
-                       for (numsig = NSIG, p = sys_signame + 1; 
--numsig; ++p)
+                       for (numsig = NSIG, p = sys_signame; --numsig; 
++p)
                                if (!strcasecmp(*p, *argv)) {
                                        numsig = p - sys_signame;
                                        break;
@@ -116,7 +125,7 @@
                        numsig = strtol(*argv, &ep, 10);
                        if (!*argv || *ep)
                                errx(1, "illegal signal number: %s", 
*argv);
-                       if (numsig <= 0 || numsig > NSIG)
+                       if (numsig <= 0 || numsig >= NSIG)
                                nosig(*argv);
                } else
                        nosig(*argv);
@@ -156,7 +165,7 @@
        const char *const *p;
        int cnt;
 
-       for (cnt = NSIG, p = sys_signame + 1; --cnt; ++p) {
+       for (cnt = NSIG, p = sys_signame; --cnt; ++p) {
                (void)fprintf(fp, "%s ", *p);
                if (cnt == NSIG / 2)
                        (void)fprintf(fp, "\n");
-----------------------------------------------------------------------
Acknowledgement sent to Herbert Xu <herbert@greathan.apana.org.au> :
New bug report received and forwarded. Full text available.
-----------------------------------------------------------------------
Report forwarded to debian-devel@pixar.com :
Bug#1764 ; Package bsdutils . Full text available.
-----------------------------------------------------------------------
Ian Jackson / iwj10@thor.cam.ac.uk , with the debian-bugs tracking
mechanism
This page last modified 07:43:01 GMT Wed 01 Nov