[coldsync-hackers] Fix for core dump using SPC.



Hello,
If a conduit sends an SPC message with zero length, coldsync will try to free()
its buffer twice, resulting in a SIGSEGV.

A patch to fix this is attached.

-- Fred GC.


-- 
----------------------------------------------------------------------
	    Fred Gylys-Colwell      fredgc@member.ams.org
*** coldsync-2.2.0-orig/src/conduit.c	Wed Aug 15 08:27:34 2001
--- coldsync-2.2.0/src/conduit.c	Thu Sep  6 21:04:37 2001
***************
*** 879,885 ****
--- 889,898 ----
  
  			/* We're done with spc_inbuf */
  			if (spc_inbuf != NULL)
+ 			{
  				free(spc_inbuf);
+ 				spc_inbuf = NULL; /* don't free it again. */
+ 			}
  			spc_towrite = spc_req.len;
  
  			/* Error-checking */
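
Review bot: in the block under the "We're done with spc_inbuf" comment, resetting the pointer only protects against a second free() that itself checks for NULL or that passes the pointer straight to free(). The other free of spc_inbuf is not visible in this hunk, so confirm that site behaves that way, and reset the pointer there as well so the buffer has one consistent "not allocated" state. Because free(NULL) is a no-op in standard C, the guard can be dropped and the block reduced to `free(spc_inbuf); spc_inbuf = NULL;`. It is also worth checking that the zero-length case leaves spc_inbuf NULL or freshly allocated before this point, so that a stale pointer from an earlier request cannot reach this free().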