From 659ef1334287b48b7ecfa6457cc4743e7f2c06dd Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Thu, 26 Jan 2017 15:10:46 -0800 Subject: [PATCH 429/429] Ticket #49104 - dbscan-bin crashing due to a segmentation fault Description: There was a logic error in format_raw. When a truncate option (-t width) is given, the function cut the output and replace the last 5 bytes with " ...\0". The position to start the replace was not correct in some case. https://fedorahosted.org/389/ticket/49104 Reviewed by wibrown@redhat.com (Thank you, William!!) (cherry picked from commit efeb2f6e873df32ce7545fa1fb319806d2108fda) (cherry picked from commit 3e3bcee42d3cb800457127e0d71ed7ce7a5d65a0) (cherry picked from commit 93946f9e853d5f17b894ffb11a1dcfaeb9698890) --- ldap/servers/slapd/tools/dbscan.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/ldap/servers/slapd/tools/dbscan.c b/ldap/servers/slapd/tools/dbscan.c index d84f138..c9445c6 100644 --- a/ldap/servers/slapd/tools/dbscan.c +++ b/ldap/servers/slapd/tools/dbscan.c @@ -239,6 +239,7 @@ static char *format_raw(unsigned char *s, int len, int flags, return NULL; for (p = s, o = buf, i = 0; i < len && o < bufend; p++, i++) { + int ishex = 0; if ((*p == '%') || (*p <= ' ') || (*p >= 126)) { /* index keys are stored with their trailing NUL */ if ((*p == 0) && (i == len-1)) @@ -252,18 +253,32 @@ static char *format_raw(unsigned char *s, int len, int flags, *o++ = '%'; *o++ = hex[*p / 16]; *o++ = hex[*p % 16]; + ishex = 1; } } else { *o++ = *p; } if (truncatesiz > 0 && o > bufend - 5) { /* truncate it */ + /* + * Padding " ...\0" at the end of the buf. + * If dumped as %##, truncate the partial value if any. + */ + o = bufend - 5; + if (ishex) { + if ((o > buf) && *(o-1) == '%') { + o -= 1; + } else if ((o > buf + 1) && *(o-2) == '%') { + o -= 2; + } + } strcpy((char *)o, " ..."); i = len; o += 4; + break; } } - *o = 0; + *o = '\0'; return (char *)buf; } -- 2.9.3