Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site sdccsu3.UUCP Path: utzoo!linus!philabs!sdcsvax!sdccsu3!madden From: madden@sdccsu3.UUCP Newsgroups: net.news.b Subject: Bug in 2.10.1 news Message-ID: <955@sdccsu3.UUCP> Date: Fri, 8-Jul-83 23:47:11 EDT Article-I.D.: sdccsu3.955 Posted: Fri Jul 8 23:47:11 1983 Date-Received: Sat, 9-Jul-83 19:12:08 EDT Organization: U.C. San Diego, Student System 3 Lines: 51 There is a rather serious bug in the control message handling of news 2.10.1 (and probably other versions of bnews) which causes it to take core dumps and leave lock files around when trying to send control messages. In xmitmsg of module control.c, a local structure, h, is declared and used without being completely initialized. Later, when this structure is passed on to other routines, garbage pointers in h.unrec are likely to cause unpleasant memory faults, and following damage. The solution I've used is to set the appropriate pointers to NULL before passing h on: ------- control.c ------- *** /tmp/d10606 Fri Jul 8 20:36:56 1983 --- control.c Fri Jul 8 10:57:47 1983 *************** *** 453,458 struct srec srec; FILE *tfp; char *fname; /* Make an article called ARTICLE */ sprintf(h.from, "%s@%s%s", "usenet", FULLSYSNAME, MYDOMAIN); --- 453,459 ----- struct srec srec; FILE *tfp; char *fname; + register iu; /* Make an article called ARTICLE */ sprintf(h.from, "%s@%s%s", "usenet", FULLSYSNAME, MYDOMAIN); *************** *** 465,470 strcpy(h.expdate, ""); getident(&h); dates(&h); tfp = xfopen(fname = mktemp("/tmp/xmsgXXXXXX"), "w"); hwrite(&h, tfp); fclose(tfp); --- 466,474 ----- strcpy(h.expdate, ""); getident(&h); dates(&h); + for (iu = 0; iu < NUNREC; iu++) { + h.unrec[iu] = NULL; + } tfp = xfopen(fname = mktemp("/tmp/xmsgXXXXXX"), "w"); hwrite(&h, tfp); fclose(tfp);