1.0





Jae W. Chang wrote in his article in comp.infosystems.wais: What happens is that scandir is searching for files of the form field_<db>.<field>. If it exists, then they are removed since the user specified a new database to be created and new files have to be created by the same name.

This is a bug. The result from scandir should've been checked. If the result is 0 - meaning no files of the above form were found - the matches array is never allocated, BUT the code still dereferences matches as if it were allocated thus seg fault.

Just looking briefly at an Ultrix man page, freeWAIS-sf will bomb on this DEC as well at the same spot, so it's not just isolated to a "linux" quirk.

Here's my diff:

diff -c -r1.22 field_index.c
*** 1.22        1994/09/07 13:29:22
--- field_index.c       1994/10/05 14:10:26
***************
*** 760,776 ****
    strcpy(path,dir);
    strncat(path,"/",MAX_FILENAME_LEN);
    
!   scandir(dir, &matches, rmselector, NULL);
!   for(i=0;matches[i];i++) {
!     path[strlen(dir)+1] = '\0';
!     strncat(path,matches[i]->d_name,MAX_FILENAME_LEN);
!     s_free(matches[i]);
!     waislog(WLOG_LOW, WLOG_INFO, "deleting \"%s\"", path);
!     if (unlink(path)) {
!       waislog(WLOG_HIGH, WLOG_ERROR, "unlink failed");
!     }
    }
-   s_free(matches);
    return(i);
  }
      
--- 760,777 ----
    strcpy(path,dir);
    strncat(path,"/",MAX_FILENAME_LEN);
    
!   if ( scandir(dir, &matches, rmselector, NULL) > 0 ) {
!       for(i=0;matches[i];i++) {
!         path[strlen(dir)+1] = '\0';
!         strncat(path,matches[i]->d_name,MAX_FILENAME_LEN);
!         s_free(matches[i]);
!         waislog(WLOG_LOW, WLOG_INFO, "deleting \"%s\"", path);
!         if (unlink(path)) {
!             waislog(WLOG_HIGH, WLOG_ERROR, "unlink failed");
!         }
!       }
!       s_free(matches);
    }
    return(i);
  }
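
Review bot: in the new side (760,777) the loop still stops on a NULL entry, at "for(i=0;matches[i];i++)", but scandir reports the number of entries through its return value and does not promise a NULL terminator, so the loop can read past the end of the array; keep the return value (say n) and loop while i < n. Also, return(i) now sits outside the if and the only assignment to i in these lines is the for initializer, so when scandir returns 0 or -1 the function returns whatever i happened to hold; set i = 0 before the if unless it is initialized above the hunk. A -1 from scandir is silently treated like "no files found", and a waislog call on that path would make an unreadable directory visible.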

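The scandir pattern discussed above, as an added example that is not freeWAIS-sf code: it checks the return value, bounds the loop by the returned count, and builds each path with a length check. The names field_selector, remove_field_files and demo and the temporary directory are hypothetical; free and snprintf stand in for the project's s_free and strncat, and logging is omitted.

```c
#define _DEFAULT_SOURCE 1
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Hypothetical stand-in for rmselector: accept names starting with "field_". */
static int field_selector(const struct dirent *e) {
    return strncmp(e->d_name, "field_", 6) == 0;
}

/* Delete matching files in dir. Returns the number deleted, -1 if scandir fails. */
int remove_field_files(const char *dir) {
    struct dirent **matches = NULL;
    char path[PATH_MAX];
    int deleted = 0, n = scandir(dir, &matches, field_selector, NULL);
    if (n < 0) return -1;               /* error: nothing to walk or free */
    for (int i = 0; i < n; i++) {       /* bounded by the count, no NULL sentinel */
        int len = snprintf(path, sizeof path, "%s/%s", dir, matches[i]->d_name);
        if (len > 0 && (size_t)len < sizeof path && unlink(path) == 0)
            deleted++;                  /* over-long paths are skipped, not truncated */
        free(matches[i]);
    }
    free(matches);                      /* free(NULL) is a no-op if n == 0 */
    return deleted;
}

/* Constructed demo: two matching files and one unrelated file in a temp dir. */
int demo(int *first, int *second) {
    char dir[] = "/tmp/waisdemoXXXXXX", path[PATH_MAX];
    const char *names[] = { "field_db.title", "field_db.author", "db.inv" };
    if (!mkdtemp(dir)) return -1;
    for (int i = 0; i < 3; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        FILE *f = fopen(path, "w");
        if (f) fclose(f);
    }
    *first = remove_field_files(dir);   /* both field_ files removed */
    *second = remove_field_files(dir);  /* zero matches: the case that crashed */
    snprintf(path, sizeof path, "%s/db.inv", dir);
    unlink(path);
    return rmdir(dir);                  /* 0 only if the directory is now empty */
}
int main(void) {
    int a = -1, b = -1;
    return demo(&a, &b) != 0 || printf("first=%d second=%d\n", a, b) < 0;
}
```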
___________________________________________________

Ulrich Pfeifer
Thu May 25 16:37:04 MET DST 1995