[1625] in Athena Bugs


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

/bin/ed (VAX 6.0R)

daemon@ATHENA.MIT.EDU (John T Kohl)
Wed Jan 11 09:38:02 1989

Date: Wed, 11 Jan 89 09:37:39 EST
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: bugs@ATHENA.MIT.EDU
/bin/ed can't handle file names greater than 64 characters (apparently).
Selected portions of the source code:
#define	FNSIZE	64

char	savedfile[FNSIZE];

		p1 = savedfile;
		if (*p1==0 && comm!='f')
			error(Q);
		p2 = file;
		while (*p2++ = *p1++)
			;
		return;

The effect is to trash ed's memory completely with a long filename.
It seg faults on a VAX.

The filename in question is exactly 64 characters, so there is no room
for a trailing null in the savedfile[] array.

[lycus:/mit/kerberos/config/jtkohl/util/imake.includes]% ed /mit/kerberos/config/jtkohl/util/imake.includes/config.Imakefil
4550
q
[lycus:/mit/kerberos/config/jtkohl/util/imake.includes]% ed /mit/kerberos/config/jtkohl/util/imake.includes/config.Imakefile
Segmentation violation (core dumped)
[lycus:/mit/kerberos/config/jtkohl/util/imake.includes]%


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[1625] in Athena Bugs

/bin/ed (VAX 6.0R)

daemon@ATHENA.MIT.EDU (John T Kohl)Wed Jan 11 09:38:02 1989

daemon@ATHENA.MIT.EDU (John T Kohl)
Wed Jan 11 09:38:02 1989