Hi,

== src/usr.bin/sendbug/sendbug.c ==

Tell me if I'm wrong, but in the main() function, we call getenv() two times (l. 113 & 134) without holding the result of the first call.
According to man getenv: "The string pointed to may be overwritten by a subsequent call to getenv()". After the second call, main() could launch hwdump() which uses the return value of the first call, which could have been overwritten by the second one.

We should hold the return value in a char instead of a pointer, with something like:

--- sendbug.c 2012-07-21 21:55:17.000000000 +0200 +++ sendbug.c 2012-12-07 19:04:04.770853812 +0100 @@ -83,7 +83,7 @@ { int ch, c, fd, ret = 1; struct stat sb; - char *pr_form; + char *pr_form, *tmp; time_t mtime; FILE *fp; @@ -110,7 +110,8 @@ if (argc > 0) usage(); - if ((tmpdir = getenv("TMPDIR")) == NULL || tmpdir[0] == '\0') + if ((tmp = getenv("TMPDIR")) == NULL || tmp[0] == '\0' || + (tmpdir = strdup(tmp)) == NULL) tmpdir = _PATH_TMP; if (Pflag) {

Shouldn't we?
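Review bot: In the second hunk (@@ -110,7 +110,8 @@), a failed strdup() is folded into the same condition as an unset or empty TMPDIR, so an allocation failure silently falls back to _PATH_TMP and the user's TMPDIR is ignored without any message. I would test tmp first and handle `(tmpdir = strdup(tmp)) == NULL` as its own error path that reports the failure and exits, rather than continuing in a different directory than the one requested. Note also that after this change tmpdir points either at heap memory or at the _PATH_TMP constant, so no later code can free() it unconditionally; a short comment at the assignment would make that explicit.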