Ticket #4401: mc-4401-segmentation-fault-in-mcviewer.patch

File mc-4401-segmentation-fault-in-mcviewer.patch, 2.1 KB (added by misch, 2 years ago)

working patch

  • lib/utilunix.c

    From 3b1a1c108de13071c03438b1c3494e1c45da6935 Mon Sep 17 00:00:00 2001
    From: Michael Schuster <michael@schuster.ms>
    Date: Fri, 19 Aug 2022 13:35:20 +0200
    Subject: [PATCH] Ticket #4401: Segmentation fault in mcviewer (growbuf.c)
    
    src/viewer/growbuf.c:
      The previous call to mcview_show_error invalidates sp by freeing view->ds_stdio_pipe
    
      Reintroduce the check that was removed by ticket #4103 but take sp's invalidity into account.
    
    lib/utilunix.c:
      Add a NULL pointer check to mc_pclose to play safe.
    
    Signed-off-by: Michael Schuster <michael@schuster.ms>
    ---
     lib/utilunix.c       |  7 +++++++
     src/viewer/growbuf.c | 10 ++++++++++
     2 files changed, 17 insertions(+)
    
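--- a/lib/utilunix.c
+++ b/lib/utilunix.c
@@ -675,6 +675,13 @@ mc_pclose (mc_pipe_t * p, GError ** error)
 {
     int res;
 
+    if (p == NULL)
+    {
+        mc_replace_error (error, MC_PIPE_ERROR_READ, "%s",
+                          _("Cannot close pipe descriptor (p == NULL)"));
+        return;
+    }
+
     if (p->out.fd >= 0)
         res = close (p->out.fd);
     if (p->err.fd >= 0)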
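Review bot: The new `p == NULL` guard in mc_pclose only catches a pointer that the owner has already cleared; a stale non-NULL pointer to an already-closed pipe, which is the situation this ticket describes for `sp` in growbuf.c, still reaches `p->out.fd` right below it. I would state that contract above the guard, for example `/* NULL means the owner already closed and cleared the pipe; a stale non-NULL pointer is not detected here */`, so callers know they must reset their field after closing. Reporting the condition through `MC_PIPE_ERROR_READ` also labels a precondition failure as a read error, which may mislead code that branches on the error code; whether a better-fitting code exists is not visible here. The body of mc_pclose continues outside the hunk.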
  • src/viewer/growbuf.c

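--- a/src/viewer/growbuf.c
+++ b/src/viewer/growbuf.c
@@ -186,6 +186,16 @@ mcview_growbuf_read_until (WView * view, off_t ofs)
                 view->pipe_first_err_msg = FALSE;
 
                 mcview_show_error (view, sp->err.buf);
+
+                /* when switch from parse to raw mode and back,
+                 * do not close the already closed pipe (see call to mcview_growbuf_done below).
+                 * return from here since (sp == view->ds_stdio_pipe) would now be invalid.
+                 * NOTE: this check was removed by ticket #4103 but the above call to
+                 *       mcview_show_error triggers the stdio pipe handle to be closed:
+                 *       mcview_close_datasource -> mcview_growbuf_done
+                 */
+                if (view->ds_stdio_pipe == NULL)
+                    return;
             }
 
             if (sp->out.len > 0)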
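Review bot: The early return at new lines 197-198 stops later use of `sp`, but the call just above it still passes `sp->err.buf` into mcview_show_error, which according to the added comment closes the data source and frees the pipe. If `err.buf` is stored inside or owned by that pipe object and the callee reads the message after closing the data source, that is a read of freed memory this patch does not cover; the callee is not visible here, so this needs confirming. Copying the message before the call would remove the dependency on the pipe's lifetime: `char *msg = g_strdup (sp->err.buf);`, `mcview_show_error (view, msg);`, `g_free (msg);`. mcview_growbuf_read_until starts and ends outside the hunk.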