tag 630824 = patch
thanks

On Fri, Jun 17, 2011 at 09:01:54PM +0300, Eugene V. Lyubimkin wrote:
> tags 630824 + moreinfo
> quit
> 
> Hi Julian,
> 
> On 2011-06-17 19:15, Julian Andres Klode wrote:
> > Package: cupt
> > Version: 2.1.0
> > 
> > When simulating installation of a package using
> >     cupt install -y -s PACKAGE
> > 
> > cupt fails with a segmentation fault. Attached
> > are the log files from valgrind and gdb on the
> > current git master (locally built with cmake
> > && make, for debugging symbols)
> [...]
> 
> Thanks for the report.
> 
> Logs clearly show where the segfault happens, but I can't understand
> why. I cannot reproduce it on my machine. Is it specific to
> architecture?
> 
> Could you please share somewhere xz'ed output of `cupt tar-metadata`?

I guess a patch helps more. 

-- 
Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
From 642b7dc7739e99397047192b567cb3914a9c23d2 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <[email protected]>
Date: Mon, 20 Jun 2011 17:30:40 +0200
Subject: [PATCH] lib: common: Fix va_list double-use (Closes: #630824)

If __get_formatted_string() is asked to format a string
of more than 4096 characters, a second call to vsnprintf()
is issued, reusing the same va_list as in the first
call. As this va_list is already exhausted, a crash
occurs.

Reported-by: Julian Andres Klode <[email protected]>
Signed-off-by: Julian Andres Klode <[email protected]>
---
 cpp/lib/src/common.cpp |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/cpp/lib/src/common.cpp b/cpp/lib/src/common.cpp
index 422f395..5188a0f 100644
--- a/cpp/lib/src/common.cpp
+++ b/cpp/lib/src/common.cpp
@@ -55,10 +55,15 @@ string __get_formatted_string(const char* format, va_list va)
 {
 	char formattedBuffer[4096];
 
+	va_list vb;
+	va_copy(vb, va);
+
 	auto substitutedFormat = __substitute_eee(format, errno);
 
 	auto bytesWritten = vsnprintf(formattedBuffer, sizeof(formattedBuffer),
-			substitutedFormat.c_str(), va);
+			substitutedFormat.c_str(), vb);
+
+	va_end(vb);
 
 	if ((size_t)bytesWritten < sizeof(formattedBuffer))
 	{
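Review bot: `vb` is consumed only by the first vsnprintf() and released with va_end(vb), so the second vsnprintf() the commit message refers to (outside this hunk's context) must be the one that still takes the original `va`; please confirm that call was not also switched to `vb`, since `vb` is invalid after va_end(). A smaller point on the same lines: the `(size_t)bytesWritten < sizeof(formattedBuffer)` check turns a negative (error) return from vsnprintf() into a very large value that fails the comparison and falls through to the second formatting pass, so a `bytesWritten < 0` test ahead of it would keep an encoding error from being treated as "buffer too small".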
-- 
1.7.5.4

Attachment: pgpSeAfbcWAVS.pgp
Description: PGP signature
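The pattern the patch above relies on, as an added example that is not cupt's code: a printf-style formatter in the shape of __get_formatted_string() that retries with an exact-size buffer when a fixed one is too small. vsnprintf() consumes the va_list it is given, so each call below gets its own va_copy() of the caller's list, which is the bug the patch fixes. The function names, the 64-byte buffer (cupt uses 4096; this is small so the retry path runs on short input) and the sample input are assumptions for the example.

```cpp
// Added example, not cupt's own code. Every vsnprintf() call gets a fresh
// va_copy(); passing the same va_list to two calls is undefined behaviour
// and is what crashed cupt on long messages.
#include <cstdarg>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

namespace {
// Deliberately small (cupt uses 4096) so a ~200 byte message exercises the retry.
constexpr std::size_t kStackBuffer = 64;
} // namespace

// Hypothetical helper mirroring __get_formatted_string(); not cupt's API.
std::string vformat_string(const char* fmt, va_list ap)
{
    char buf[kStackBuffer];

    va_list first;
    va_copy(first, ap);
    int n = std::vsnprintf(buf, sizeof buf, fmt, first);
    va_end(first);

    if (n < 0) {
        // Encoding error. Without this check a negative value cast to
        // size_t would look like "too long" and reach the retry path.
        throw std::runtime_error("vsnprintf failed");
    }

    if (static_cast<std::size_t>(n) < sizeof buf) {
        return std::string(buf, static_cast<std::size_t>(n));
    }

    // Output was truncated; n is the full length. Format again into an
    // exact-size buffer from a second copy. `first` is exhausted and
    // must not be reused here.
    std::vector<char> big(static_cast<std::size_t>(n) + 1);
    va_list second;
    va_copy(second, ap);
    int m = std::vsnprintf(big.data(), big.size(), fmt, second);
    va_end(second);

    if (m != n) {
        throw std::runtime_error("vsnprintf length changed between calls");
    }
    return std::string(big.data(), static_cast<std::size_t>(m));
}

// Variadic front end; owns the va_list and always va_end()s it.
std::string format_string(const char* fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    std::string out;
    try {
        out = vformat_string(fmt, ap);
    } catch (...) {
        va_end(ap);
        throw;
    }
    va_end(ap);
    return out;
}

// Formats a constructed input longer than kStackBuffer so the retry path
// runs, and returns the resulting length (199 + ":" + "42" = 202).
std::size_t format_long_length()
{
    std::string filler(199, 'x');   // constructed sample input
    return format_string("%s:%d", filler.c_str(), 42).size();
}
```

Removing the second va_copy() and passing `first` again reproduces the class of bug the patch describes; whether that crashes or silently produces garbage depends on the ABI, which is why the fix belongs in the code and not in a test that looks for a segfault.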
