Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!aplcen!haven!usenet
From: louie@sayshell.umd.edu (Louis A. Mamakos)
Newsgroups: comp.mail.mh
Subject: NULL pointer dereference bug in MH 6.7
Message-ID: <1990Aug10.154052.4566@haven.umd.edu>
Date: 10 Aug 90 15:40:52 GMT
Sender: usenet@haven.umd.edu (USENET News Posting)
Organization: The University of Maryland, College Park
Lines: 55

I ran across this bug while spiffing up my scan format to insert a symbol if the message in question was actually addressed to me. I used something like this as my format file:

%4(msg)\
%<(cur)+%| %>\
%<{replied}-%| %>\
%<(mymbox{to})>%| %>\
%(void(rclock{date}))\
%<(gt 15768000)%03(month{date})%02(year{date})%|\
%<(gt 604800)%02(mday{date})%03(month{date})%|\
%<(gt 86400) %(day{date}) %|\
%02(hour{date}):%02(min{date})%>%>%>\
%<{date} %|*%>\
%<(mymbox{from})To:%14(friendly{to})%|%17(friendly{from})%> \
%{subject}%<{body}<<%{body}%>

The interesting thing being the use of the mymbox function. This worked pretty well until confronted by this message:

Date: Fri, 31 Mar 89 18:22:54 PST
To: Request-for-Comments-List:;@SRI-NIC.ARPA
cc: Sullivan@venera.isi.edu
From: Kathleen Sullivan
Subject: RFC 1097 Now Available

Note the rather peculiar To: line. This message was toxic to the scan command, causing it to dump core. Here's the fix that I applied which seems to have fixed the problem:

*** addrsbr.c.orig Thu Apr 12 16:28:50 1990 --- addrsbr.c Fri Aug 10 11:23:17 1990 *************** *** 830,835 **** --- 830,837 ---- } #else not BERK for (mp = &mq; mp = mp -> m_next;) { + if (np -> m_mbox == NULL) + continue; if ((len = strlen (cp = np -> m_mbox)) < (i = strlen (pp = mp -> m_mbox))) continue; *************** *** 854,859 **** --- 856,863 ---- if (mp -> m_nohost) return 1; + if (np -> m_host == NULL) + continue; if ((len = strlen (cp = np -> m_host)) < (i = strlen (pp = mp -> m_host))) continue;
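
Review bot: in the hunk at 830,837 the added test guards only np -> m_mbox, while the strlen expression directly after it also dereferences mp -> m_mbox (pp = mp -> m_mbox) with no check. If a list entry can carry a NULL m_mbox the same crash remains on that side, so test both pointers before the length comparison. The visible lines never change np inside the for loop, so the np test could also be made once before the loop rather than on every pass.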
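
Review bot: in the hunk at 856,863 the new test sits after "if (mp -> m_nohost) return 1;", so an address whose m_host is NULL is still reported as a match whenever the list entry has m_nohost set, and is skipped only otherwise. Confirm that this is the intended result for the group-style To: line that triggered the crash, or move the test above the return. A one-line comment saying which address forms leave m_host NULL would also help, since the line above relies on the m_nohost flag while this one tests the pointer itself.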