1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
Author: Alexander Block <ablock84@gmail.com>
Description: Fix crash on amd64 when enabling file logging
On amd64 architectures, slirp crashes immediately when file logging is
enabled with "log start". It happens at the first call to lprint after the
log file is opened and ready for logging. The reason is that the va_list
object "args" is used twice in that case, once at
lprint_ptr += (*lprint_print)(*lprint_arg, format, args);
and once at
vfprintf(lfd, bptr2, args);
.
After the first call, args gets invalid because all arguments have been
read from the va_args structure. For some reason, this does not happen on
i386 versions. Maybe a real copy of args is created when the function is
called in i386.
Bug-Debian: http://bugs.debian.org/587907
--- slirp-1.0.17/src/misc.c 2010-07-02 13:12:16.000000000 +0200
+++ slirp-1.0.17-changed/src/misc.c 2010-07-02 15:37:19.617074017 +0200
@@ -602,13 +602,17 @@
#endif
{
va_list args;
+ va_list args2;
#ifdef __STDC__
va_start(args, format);
+ va_start(args2, format);
#else
char *format;
va_start(args);
+ va_start(args2);
format = va_arg(args, char *);
+ va_arg(args2, char *); // skip
#endif
/* If we're printing to an sbuf, make sure there's enough room */
/* XXX +100? */
@@ -651,10 +655,11 @@
else
bptr1++;
}
- vfprintf(lfd, bptr2, args);
+ vfprintf(lfd, bptr2, args2);
free(bptr2);
}
va_end(args);
+ va_end(args2);
}
void
|
