locate crashes at the end of every call

[karmak]

after having run updatedb, every call of the locate command gives me the attended result (it works), and the crashes. This is 100% reproductible on my machine (real hardware, IBM R52 ; Haiku hrev28734, bug happening since i found locate, approx hrev28600).

the backtrace :

#0  0x002027e5 in getstr ()
#1  0x0020167c in locate ()
#2  0x00201998 in main ()

The problem happens if there are positive results, and if there are no results (same backtrace).

[karmak]

strace showing the segmentation violation

[Adek336]

src/bin/findutils/locate/locate.c, line 281: before the crash, count is being filled with a large value, much larger than pathsize. In line 288, count is the "offset" and &pathsize is the "n" argument to getstr, where *n is the size of a buffer and offset is the offset into that buffer. Obviously, *n < offset is incorrect.

The incorrect value for "count" is being read from /boot/var/locatedb. Either the file is corrupt or there is bug in the db reading logic.

[Adek336]

It is both correct in the file and correctly read, it is just incorrectly added because of the wrong return type of get_short.

fix:

Index: locate/locate.c
===================================================================
--- locate/locate.c     (revision 28736)
+++ locate/locate.c     (working copy)
@@ -107,7 +107,7 @@
 
 /* Read in a 16-bit int, high byte first (network byte order).  */
 
-static int
+static short
 get_short (fp)
      FILE *fp;
 {

[Adek336]

As it turns out, this has already been fixed in upstream - updating versions would be a good idea, I think.

[korli]

Could you check with hrev28751 please ?

[karmak]

You got it ! On hrev28752 it doesn't crash !

This ticket can be closed.

THANKS !!