Bug found in lib/libc/gen/getwd.c on 4.3 BSD Vax 11/780
Also known as Andrew
pcng at cad.jmrc.eecs.unsw.oz
Wed Jul 27 12:06:51 AEST 1988
VERSION:
getwd.c 5.2 (Berkeley) 3/9/86
CLIENT MACHINE:
VAX 11/780
CLIENT OPERATING SYSTEM:
BSD UNIX 4.3 Release ???
SYNOPSIS:
Misplaced library call closedir() in getwd().
DESCRIPTION:
The problem arises when the function prepend() is trying to access the
file name which is a segment of memory allocated within the opendir()
function call. This segment, however, is no longer valid once the
closedir() function call has been issued.
REPEAT-BY:
This bug can only be demonstrated with your own malloc package instead
of the standard one. The malloc package has to be able to either erase
the memory to be freed with junk data or release the memory back to
the system (via sbrk(2)).
FIX:
Just swap two lines.
*** /usr/src/lib/libc/gen/getwd.c Mon Mar 10 14:49:35 1986
--- getwd.c Wed Jul 27 09:52:24 1988
***************
*** 85,92 ****
strcpy(dptr, dir->d_name);
lstat(curdir, &dd);
} while(dd.st_ino != cino || dd.st_dev != cdev);
- closedir(dirp);
pnptr = prepend("/", prepend(dir->d_name, pnptr));
}
if (*pnptr == '\0') /* current dir == root dir */
strcpy(pathname, "/");
--- 85,93 ----
strcpy(dptr, dir->d_name);
lstat(curdir, &dd);
} while(dd.st_ino != cino || dd.st_dev != cdev);
pnptr = prepend("/", prepend(dir->d_name, pnptr));
+ /* Now is save to close the directory pointer */
+ closedir(dirp);
}
if (*pnptr == '\0') /* current dir == root dir */
strcpy(pathname, "/");
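Review bot: the comment added in the 85,93 side, "/* Now is save to close the directory pointer */", misspells "safe" and does not say why the order matters. Suggest something like "dir->d_name points into storage owned by dirp, so closedir() must follow prepend()", so the next person does not move the call back. Separately, the context line "lstat(curdir, &dd);" ignores its return value, so after a failed lstat() the loop condition compares whatever dd already held; that is outside this change but worth a follow-up.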
---------------------
_ _. __ _,
--- /_)_(__/) )_(_)_ [ Also know as Andrew ]
/ /|
' |/
----------------
Po Cheung NG ISD: +61 2 697-4056
JMRC, School of Elec. Eng. and Comp. Sci., STD: (02) 697-4056
The University of New South Wales, FAX: +61 2 662-2087
PO Box 1, Kensington, ARPA: pcng%cad.jmrc.eecs.unsw.oz.au at uunet.uu.net
Sydney, NSW 2033, JANET: cad.jmrc.eecs.unsw.oz!pcng at ukc
AUSTRALIA. ACSnet: pcng at cad.jmrc.eecs.unsw.oz
UUCP: {enea,hplabs,mcvax,prlb2,uunet,ubc-vision,ukc}!munnari!cad.jmrc.eecs.unsw.oz!pcng
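
The ordering problem from DESCRIPTION and REPEAT-BY, as an added example that is not part of the original post or of the 4.3BSD source: a small C model in which a hypothetical toy_close() optionally junk-fills the entry storage, the way the custom malloc package described above would. The names toy_dir, toy_read, toy_close and name_intact are assumptions, and the model never really frees the stream, so the stale read stays defined behaviour.

```c
/* Model of the getwd() ordering bug; not 4.3BSD source. The toy_* names
 * are hypothetical stand-ins for readdir()/closedir(). */
#include <stdio.h>
#include <string.h>

#define TOY_NAMELEN 32

struct toy_dirent { char d_name[TOY_NAMELEN]; };
struct toy_dir { struct toy_dirent ent; };   /* the stream owns the entry */

/* Like readdir(): the returned pointer aims into the stream's own storage. */
static struct toy_dirent *toy_read(struct toy_dir *d, const char *name)
{
    snprintf(d->ent.d_name, sizeof d->ent.d_name, "%s", name);
    return &d->ent;
}

/* Like closedir(): the storage is given up. junk_fill=1 models a malloc
 * package that overwrites freed memory, 0 one that leaves it untouched. */
static void toy_close(struct toy_dir *d, int junk_fill)
{
    if (junk_fill)
        memset(&d->ent, 0xA5, sizeof d->ent);
}

/* Returns 1 if the name read from the entry is still "usr" (constructed
 * sample name). close_first=1 is the order before the fix, 0 the order after. */
int name_intact(int close_first, int junk_fill)
{
    struct toy_dir d;
    char out[TOY_NAMELEN];
    struct toy_dirent *e;

    memset(&d, 0, sizeof d);
    e = toy_read(&d, "usr");
    if (close_first)
        toy_close(&d, junk_fill);        /* stream closed before the name is used */
    memcpy(out, e->d_name, sizeof out);  /* stands in for prepend(dir->d_name, ...) */
    if (!close_first)
        toy_close(&d, junk_fill);        /* fixed order: close after the use */
    return memcmp(out, "usr", 4) == 0;
}

int main(void)
{
    printf("close first, plain malloc: %d\n", name_intact(1, 0));
    printf("close first, junk-filling: %d\n", name_intact(1, 1));
    printf("use first,   junk-filling: %d\n", name_intact(0, 1));
    return 0;
}
```

The first case shows why the standard malloc hides the bug: the stale name is still readable after the close, so only the junk-filling case exposes the wrong order.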