X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:date:message-id:subject:from:to
	:content-type; q=dns; s=default; b=am3D5aUzvL17vV5PPhTKl2HtTlhxu
	Ns9MqsQS17DuAWYyYE36vfM90kzadqD4B0/1wKvMg7dNLXOq9sk8rYA601txBm8k
	iwJAa+1fy8Mn/WVmDj7OjYhCYGFxGAxJbmsi2LXjUxvvCwkhIovuOghNw4Rbc/4R
	XQ7oNg+nHodMD4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:date:message-id:subject:from:to
	:content-type; s=default; bh=RvKm8Tz1THDWI44K2PhMn35odf4=; b=V2h
	J+GrJXFv5SHIBQIBOLKRSOY18ZaDx5N85DrBwLiUmIjfh3hD2NiBQNL4UHdozKvL
	3lXKyLDq0+Zt75IUuzxQKC1v2y/fYMm5bv2D7o4+YYDNouGJqugkruQfH2Rzsstz
	+kbK9N+Xt0p2V+Q5shLySplXrVO1+aEOb5gJzgxo=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
X-Spam-SWARE-Status: No, score=-1.5 required=5.0 tests=BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE,RDNS_NONE,SPF_PASS autolearn=no version=3.3.1
MIME-Version: 1.0
X-Received: by 10.15.41.77 with SMTP id r53mr18153363eev.64.1376156098926; Sat, 10 Aug 2013 10:34:58 -0700 (PDT)
Date: Sun, 11 Aug 2013 02:34:58 +0900
Message-ID: <CAOJ7xCsuuhNmtz_ybGJoEeUAdWhJ1Y3+9d5mBtATH-F=VpkYGg@mail.gmail.com>
Subject: Patch for run-1.3.0-1 core dump
From: foo <ggl329@gmail.com>
To: cygwin@cygwin.com
Content-Type: text/plain; charset=ISO-8859-1

Hi,

Whenever I execute run.exe, it generates run.exe.stackdump.

At line 370 in run.c, run2_freeargv() tries to free newargv, and
run2_freeqrgv() expects that newargv is terminated by NULL. However,
in shifting newargv at line 253-256, it fails to shift NULL
terminator. Therefore, run2_freeargv() frees memory illegally.
The following patch is a workaround.

--- run.c.old
+++ run.c.new
@@ -252,7 +252,7 @@
       newargv = run2_dupargv (argv);
       /* discard newargv[0] and shift up */
       free (newargv[0]);
-      for (newargc = 1; newargc < argc; newargc++)
+      for (newargc = 1; newargv[newargc-1] != NULL; newargc++)
          newargv[newargc-1] = newargv[newargc];
       newargc = argc - 1;


Regards,

---
   ggl329

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple