projects / iproute2.git / blame
| Commit | Line | Data |
|---|---|---|
| 6a1a5031 RJ |
1 | When ss is invoked with the no-header flag, if the query doesn't return |
| 2 | any result, render() is called with 'buffer' uninitialized. This | |
| 3 | currently leads to a segfault. Ensure that buffer is initialized before | |
| 4 | rendering. | |
| 5 | ||
| 6 | The bug can be triggered with: ss -H sport = 100000 | |
| 7 | ||
| 8 | Signed-off-by: Jean-Philippe Brucker <jphilippe.brucker@xxxxxxxxx> | |
| 9 | --- | |
| 10 | misc/ss.c | 7 ++++++- | |
| 11 | 1 file changed, 6 insertions(+), 1 deletion(-) | |
| 12 | ||
| 13 | diff --git a/misc/ss.c b/misc/ss.c | |
| 14 | index e047f9c0..e087bef7 100644 | |
| 15 | --- a/misc/ss.c | |
| 16 | +++ b/misc/ss.c | |
| 17 | @@ -1197,10 +1197,15 @@ newline: | |
| 18 | /* Render buffered output with spacing and delimiters, then free up buffers */ | |
| 19 | static void render(int screen_width) | |
| 20 | { | |
| 21 | - struct buf_token *token = (struct buf_token *)buffer.head->data; | |
| 22 | + struct buf_token *token; | |
| 23 | int printed, line_started = 0; | |
| 24 | struct column *f; | |
| 25 | ||
| 26 | + if (!buffer.head) | |
| 27 | + return; | |
| 28 | + | |
| 29 | + token = (struct buf_token *)buffer.head->data; | |
| 30 | + | |
| 31 | /* Ensure end alignment of last token, it wasn't necessarily flushed */ | |
| 32 | buffer.tail->end += buffer.cur->len % 2; | |
| 33 | ||
| 34 | -- | |
| 35 | 2.16.2 |