Can you please attach the patch to the Squid bug report?
<url:http://www.squid-cache.org/bugs/show_bug.cgi?id=753>
Regards
Henrik
On Mon, 24 Nov 2003, David Wilder wrote:
>
>
>
>
> Please accept the following patch. This fixes the segmentation faults
> reported in bugzilla 753.
>
> The patch is against 2.5.STABLE4. The problem was reproduced on SuSE
> SLES-8 SP3 running on IBM zSeries (31-bit). However, the bug should be
> generic to all platforms.
>
> --- MemBuf.c.orig 2003-11-21 15:51:42.000000000 -0800
> +++ MemBuf.c 2003-11-21 16:00:18.000000000 -0800
> @@ -228,6 +228,7 @@
> void
> memBufVPrintf(MemBuf * mb, const char *fmt, va_list vargs)
> {
> + va_list ap;
> int sz = 0;
> assert(mb && fmt);
> assert(mb->buf);
> @@ -236,7 +237,12 @@
> while (mb->capacity <= mb->max_capacity) {
> mb_size_t free_space = mb->capacity - mb->size;
> /* put as much as we can */
> - sz = vsnprintf(mb->buf + mb->size, free_space, fmt, vargs);
> +
> + va_copy(ap,vargs); /* bug 753, the value of vargs is undefined
> + * after vsnprintf()
> returnes. Make a copy of vargs
> + * incase we loop around and call vsnprintf()
> again.
> + */
> + sz = vsnprintf(mb->buf + mb->size, free_space, fmt, ap);
> /* check for possible overflow */
> /* snprintf on Linuz returns -1 on overflows */
> /* snprintf on FreeBSD returns at least free_space on overflows */
> @@ -245,6 +251,7 @@
> else
> break;
> }
> + va_end(ap);
> mb->size += sz;
> /* on Linux and FreeBSD, '\0' is not counted in return value */
> /* on XXX it might be counted */
>
>
>
> David Wilder
> IBM Global Services, Linux Change Team
> wilder@us.ibm.com
> (503) 578-3789 T/L 775-3789
>
Received on Mon Nov 24 2003 - 11:10:03 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:47 MST