mailx dumps core if line with NUL character in mail
Using SuSE 7.3/mailx 8.1.1 Release 370 I encountered a core dump while executing the mailx command. This is caused by a line with a single NUL character. Further investiga- tion revealed a) a suspicious way to read and count the charac- ters of the mbox (setptr in fio.c): : 94 for (;;) { 95 if (fgets(linebuf, LINESIZE, ibuf) == NULL) { 96 if (append(&this, mestmp)) { 97 perror("temporary file"); 98 exit(1); 99 } 100 makemessage(mestmp); 101 return; 102 } 103 count = strlen(linebuf); 104 (void) fwrite(linebuf, sizeof *linebuf, count, otf); 105 if (ferror(otf)) { 106 perror("/tmp"); 107 exit(1); 108 } : As one easily sees fgets either retured 0 (EOF/error) or a pointer to the read characters. In the case of a NUL character, there is no chance to get the real numbers of characters behind NUL (i. e. retlf). b) using a recent version of gcc (3.2.2) does not make mailx dump the core. Nonetheless the line with the NUL character does not show if you edit the message with 'v'. May somebody please comment on this issue? TIA PKM
participants (1)
-
Peter Karl Müller