Patch for bugzilla 753.

From: David Wilder <wilder@dont-contact.us>
Date: Mon, 24 Nov 2003 09:25:06 -0800

Please accept the following patch. This fixes the segmentation faults
reported in bugzilla 753.

The patch is against 2.5.STABLE4. The problem was reproduced on SuSE
SLES-8 SP3 running on IBM zSeries (31-bit). However, the bug should be
generic to all platforms.

--- MemBuf.c.orig 2003-11-21 15:51:42.000000000 -0800
+++ MemBuf.c 2003-11-21 16:00:18.000000000 -0800
@@ -228,6 +228,7 @@
 void
 memBufVPrintf(MemBuf * mb, const char *fmt, va_list vargs)
 {
+ va_list ap;
     int sz = 0;
     assert(mb && fmt);
     assert(mb->buf);
@@ -236,7 +237,12 @@
     while (mb->capacity <= mb->max_capacity) {
      mb_size_t free_space = mb->capacity - mb->size;
      /* put as much as we can */
- sz = vsnprintf(mb->buf + mb->size, free_space, fmt, vargs);
+
+ va_copy(ap,vargs); /* bug 753, the value of vargs is undefined
+ * after vsnprintf()
returnes. Make a copy of vargs
+ * incase we loop around and call vsnprintf()
again.
+ */
+ sz = vsnprintf(mb->buf + mb->size, free_space, fmt, ap);
      /* check for possible overflow */
      /* snprintf on Linuz returns -1 on overflows */
      /* snprintf on FreeBSD returns at least free_space on overflows */
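Review bot: va_copy(ap, vargs) runs on every iteration of the while loop, but the only va_end(ap) is after the loop, so when vsnprintf overflows and the loop goes round again a second va_copy is issued on an ap that was never ended; C99 7.15.1.2 requires each va_copy to be matched by a va_end in the same function before ap is reused. Suggest ending the copy right after it is consumed, i.e. `va_end(ap);` immediately following the `sz = vsnprintf(..., ap);` line, which also removes the need for the separate va_end after the loop. Minor: the comment spells "returnes" and "incase" (should be "returns" and "in case").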
@@ -245,6 +251,7 @@
      else
          break;
     }
+ va_end(ap);
     mb->size += sz;
     /* on Linux and FreeBSD, '\0' is not counted in return value */
     /* on XXX it might be counted */
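Review bot: this single va_end(ap) after the loop only balances the last va_copy(ap, vargs) performed inside the loop; on a retry path (the capacity-grow branch that does not break) the earlier copies are never ended. Placing the va_end inside the loop directly after the vsnprintf call keeps copy and end paired per iteration and makes this line unnecessary.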

David Wilder
   IBM Global Services, Linux Change Team
   wilder@us.ibm.com
   (503) 578-3789 T/L 775-3789
Received on Mon Nov 24 2003 - 11:10:27 MST