Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!mit-eddie!bloom-beacon!tut.cis.ohio-state.edu!cs.utexas.edu!sm.unisys.com!sdcsmb!sea!eggert
From: eggert@sm.unisys.com (Paul Eggert)
Newsgroups: comp.sources.bugs
Subject: patch for less v97: unset variable in exec_mca() can lead to core dump
Message-ID:
Date: 26 Sep 88 16:27:42 GMT
Organization: Unisys Santa Monica
Lines: 20

In less version 97, a local variable 'n' in exec_mca() is not initialized. If n's initial garbage is a small negative number, 'less' can dump core because it allocates a buffer that is too small, and then overruns the buffer. Here's a fix to line 309 of command.c.

*** less97/command.c Mon Sep 26 09:03:50 1988 --- patched/command.c Mon Sep 26 08:48:26 1988 *************** *** 307,311 **** * need to allocate for the expanded shell cmd. */ ! for (fr = cmdbuf; *fr != '\0'; fr++) if (*fr == '%') n += strlen(current_file); --- 307,311 ---- * need to allocate for the expanded shell cmd. */ ! for (fr = cmdbuf, n = 0; *fr != '\0'; fr++) if (*fr == '%') n += strlen(current_file);
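
Review bot: in the changed for statement, `n = 0` is tucked into the loop initializer with the comma operator, where it is easy to lose if the loop is later rewritten; initialize n where it is declared, or in its own statement just before the loop. Because n accumulates strlen() results and then sizes an allocation, an unsigned type would also be the safer choice, so that a stray value cannot make the size negative. The hunk shows only the '%' expansions being counted, so check that the allocation that follows also adds the length of cmdbuf itself and one byte for the terminating '\0'.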