Bug#4609: csh bombs when invoked from subdir w/ 28-char name
Package: csh
Version: 5.26-3
I found not one but two bugs in /bin/csh. The incredibly bizarre
symptom (on my system) is that if you try to run csh while cd'ed to a
subdirectory of your home directory whose full pathname is exactly 28
characters long, csh dies with a segmentation fault. Using Electric
Fence, it was pretty quick to track this down to a problem with
s_strncmp (strncmp for short strings) which causes it to return "no
match" for the case where the first string is an initial substring of
the second, plus a malloc in dcanon that allocates one Char fewer than
it should. Here are the fixes:
*** /tmp/str.c.orig Thu Sep 26 12:35:25 1996
--- /tmp/str.c Thu Sep 26 12:35:25 1996
***************
*** 338,343 ****
--- 338,345 ----
* negative collate low against normal characters but high against
the
* end-of-string NUL.
*/
+ if (n == 0)
+ return(0);
if (*str1 == '\0' && *str2 == '\0')
return (0);
else if (*str1 == '\0')
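Review bot: the new n == 0 test is placed directly in front of the end-of-string comparison, deep in the function body (old line 338), and the visible context does not show whether n can already be zero when the function is entered. If it can, the code above this point runs first with a zero count; consider testing n at the top of s_strncmp as well, or confirming that every path reaching this spot has decremented n. The comment block just above still only describes collation against the NUL terminator, so a one-line comment saying that an exhausted count means the compared prefixes matched would document why 0 is returned here. Minor style point: the added line uses return(0); while the neighbouring line uses return (0); with a space.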
*** /tmp/dir.c.orig Thu Sep 26 12:35:59 1996
--- /tmp/dir.c Thu Sep 26 12:35:59 1996
***************
*** 876,882 ****
*/
p2 = cp + Strlen(p2);
sp = newcp = (Char *) xmalloc((size_t)
! ((cc + Strlen(p2)) * sizeof(Char)));
while (*p1)
*sp++ = *p1++;
while (*p2)
--- 876,882 ----
*/
p2 = cp + Strlen(p2);
sp = newcp = (Char *) xmalloc((size_t)
! ((cc + Strlen(p2) + 1) * sizeof(Char)));
while (*p1)
*sp++ = *p1++;
while (*p2)
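Review bot: the + 1 in the xmalloc size has no comment saying what it accounts for, and the correctness of the whole expression depends on cc, whose computation is outside the visible lines. The two copy loops (while (*p1) and while (*p2)) write the Chars from p1 and p2 through sp with no bound check, so the allocation has to equal the length of p1 plus Strlen(p2) plus one Char for the terminating NUL. A short comment stating that the extra Char is for the terminator, and that cc must cover everything copied from p1, would make this easier to audit; it is also worth checking any similar xmalloc sizes elsewhere in dcanon for the same missing terminator.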
These patches are relative to the sources on the I-Connect Debian 1.1
CD. I'm now using a custom-built 2.0.21 kernel. Both bugs have already
been fixed in both tcsh and the FreeBSD version of csh. Look carefully
at the s_strncmp fix, I think FreeBSD csh and tcsh have a better
solution than mine.
-Randy
--
http://cogsci.ucsd.edu/~gobbel/