[5519] in Moira
Re: eunice segfault
daemon@ATHENA.MIT.EDU (Garry P Zacheiss)
Sun Jan 3 22:45:58 2010
From: Garry P Zacheiss <zacheiss@MIT.EDU>
To: Evan Broder <broder@mit.edu>
CC: "moiradev@mit.edu" <moiradev@mit.edu>, "Mark W. Manley" <mmanley@mit.edu>
Date: Sun, 3 Jan 2010 22:45:50 -0500
Message-ID: <2CBFE16E-9BB1-46E0-822E-B7A3D7E708E8@exchange.mit.edu>
In-Reply-To: <178868c41001031002l1217266fvf7f2c95d79657597@mail.gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Actually, all of that incrementing is intentional (although the segfault obviously isn't). This patch should fix the problem; I can't reproduce the segfault with it applied.
Garry
Index: eunice.c
===================================================================
--- eunice.c (revision 3943)
+++ eunice.c (working copy)
@@ -59,7 +59,7 @@
int status, success;
char **arg = argv;
char *uargv[2];
- char *pargv[PRN_END];
+ char *pargv[PRN_END + 1];
char *membervec[4];
struct member *memberstruct;
char *server = NULL, *p;
@@ -299,7 +299,7 @@
usage(argv);
}
- for (i = 0; i < PRN_END; i++)
+ for (i = 0; i < PRN_END + 1; i++)
pargv[i] = NULL;
/* check for name conflicts. */
@@ -545,10 +545,10 @@
int show_printer_info(char *queuename)
{
char hwaddr[20];
- char *pargv[PRN_END];
+ char *pargv[PRN_END + 1];
int status, banner, i;
- for (i = 0; i < PRN_END; i++)
+ for (i = 0; i < PRN_END + 1; i++)
pargv[i] = NULL;
memset (hwaddr,'\0',sizeof(hwaddr));
On Jan 3, 2010, at 1:02 PM, Evan Broder wrote:
> Hello again -
> I noticed today that eunice segfaulted when printing out the "last
> mod" line of its status.
>
> It looks like this is because save_printer_info increments the
> destination index when it's copying the information from Moira. To
> compensate for this, all of the indices into the returned array were
> also incremented by one, but in the case of PRN_MODWITH, this put the
> index out past the end of the array, causing a segfault.
>
> eunice-segfault.diff removes the extra index increment everywhere it's
> used, and corrects the segfault.
>
> Thanks,
> - Evan
> <eunice-segfault.diff>
