From ll-xn!nike!sri-spam!sri-unix!hplabs!sdcrdcf!lwall Wed Nov 5 08:30:18 EST 1986 Article 300 of net.news.b: Path: adelie!ll-xn!nike!sri-spam!sri-unix!hplabs!sdcrdcf!lwall >From: lwall@sdcrdcf.UUCP (Larry Wall) Newsgroups: net.news.b,net.sources.bugs Subject: rn 4.3 patch #35 Message-ID: <3401@sdcrdcf.UUCP> Date: 5 Nov 86 00:03:18 GMT Organization: System Development Corporation R&D, Santa Monica Lines: 97 Xref: adelie net.news.b:300 net.sources.bugs:651 System: rn version 4.3 Patch #: 35 Priority: MEDIUM Subject: rn -c can produce a memory fault >From: jeffb@leia.GWD.TEK.COM (Jeff Beachy) Description: Patch #14 attempted to speed up "rn -c" by using a static buffer instead of an malloc'ed one. Unfortunately, buried deep down in a routine called checkexpired there was an unguarded call to saferealloc(), which calls realloc(). This will confuse realloc() to no end, since it doesn't know how large the area being realloc'ed is to begin with. Fix: From rn, say "| patch -d DIR", where DIR is your rn source directory. Outside of rn, say "cd DIR; patch Patch #: 35 Index: rcln.c Prereq: 4.3.1.2 *** rcln.c.old Tue Nov 4 15:58:18 1986 --- rcln.c Tue Nov 4 15:58:23 1986 *************** *** 1,4 ! /* $Header: rcln.c,v 4.3.1.2 85/07/23 17:39:08 lwall Exp $ * * $Log: rcln.c,v $ * Revision 4.3.1.2 85/07/23 17:39:08 lwall --- 1,4 ----- ! /* $Header: rcln.c,v 4.3.1.3 86/11/04 15:57:03 lwall Exp $ * * $Log: rcln.c,v $ * Revision 4.3.1.3 86/11/04 15:57:03 lwall *************** *** 1,6 /* $Header: rcln.c,v 4.3.1.2 85/07/23 17:39:08 lwall Exp $ * * $Log: rcln.c,v $ * Revision 4.3.1.2 85/07/23 17:39:08 lwall * Oops, was freeing a static buf on -c in checkexpired. * --- 1,9 ----- /* $Header: rcln.c,v 4.3.1.3 86/11/04 15:57:03 lwall Exp $ * * $Log: rcln.c,v $ + * Revision 4.3.1.3 86/11/04 15:57:03 lwall + * realloc attempted on unalloced area. + * * Revision 4.3.1.2 85/07/23 17:39:08 lwall * Oops, was freeing a static buf on -c in checkexpired. * *************** *** 427,433 *t++ = ','; strcpy(t,s); } ! if (mbuf == rcline[ngnum]) { rcline[ngnum] = saferealloc(rcline[ngnum], (MEM_SIZE)(rcnums[ngnum] + strlen(newnum) + 1)); } --- 430,436 ----- *t++ = ','; strcpy(t,s); } ! if (!checkflag && mbuf == rcline[ngnum]) { rcline[ngnum] = saferealloc(rcline[ngnum], (MEM_SIZE)(rcnums[ngnum] + strlen(newnum) + 1)); }