id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking	branch_state	votes
3176	Segfault in sftpfs VFS when trying to view a file	vahur	andrew_b	"MC terminates with a segfault when a user tries to view a file (with F3) on a remote server via SFTPFS. This is caused by using data from already free()-d memory in /src/vfs/sftpfs/file.c: sftpfs_lseek() accesses a memory block that was previously deallocated by sftpfs_reopen().

Here's the patch:

{{{
diff --git a/src/vfs/sftpfs/file.c b/src/vfs/sftpfs/file.c
index c7a4eb9..f757109 100644
--- a/src/vfs/sftpfs/file.c
+++ b/src/vfs/sftpfs/file.c
@@ -60,12 +60,17 @@ static void
 sftpfs_reopen (vfs_file_handler_t * file_handler, GError ** error)
 {
     sftpfs_file_handler_data_t *file_handler_data;
+    int flags;
+    mode_t mode;
 
     file_handler_data = (sftpfs_file_handler_data_t *) file_handler->data;
+    flags = file_handler_data->flags;
+    mode = file_handler_data->mode;
 
     sftpfs_close_file (file_handler, error);
-    if (error == NULL || *error == NULL)
-        sftpfs_open_file (file_handler, file_handler_data->flags, file_handler_data->mode, error);
+    if (error == NULL || *error == NULL) {
+        sftpfs_open_file (file_handler, flags, mode, error);
+    }
 }
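Review bot: After `sftpfs_close_file (file_handler, error);` the local `file_handler_data` still points at the block that, per the ticket description, that call frees, so any later reference to it in this function would again read freed memory; nulling it right after the close with `file_handler_data = NULL;` (or scoping the pointer to the two copies) makes the regression hard to reintroduce. A one-line comment above the copies, `/* closing frees file_handler->data, so take flags/mode before the close */`, would also tell the next reader why the locals exist. As a point of style, the new `if (error == NULL || *error == NULL) {` opens the brace on the `if` line, whereas the rest of this file opens braces on their own line (see the `{` after the function signature), and the original brace-less single-statement form already matched that convention.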
 
 /* --------------------------------------------------------------------------------------------- */
@@ -361,8 +366,6 @@ sftpfs_lseek (vfs_file_handler_t * file_handler, off_t offset, int whence, GErro
 {
     sftpfs_file_handler_data_t *file_handler_data;
 
-    file_handler_data = (sftpfs_file_handler_data_t *) file_handler->data;
-
     switch (whence)
     {
     case SEEK_SET:
@@ -392,6 +395,8 @@ sftpfs_lseek (vfs_file_handler_t * file_handler, off_t offset, int whence, GErro
         break;
     }
 
+    file_handler_data = (sftpfs_file_handler_data_t *) file_handler->data;
+
     libssh2_sftp_seek64 (file_handler_data->handle, file_handler->pos);
     file_handler->pos = (off_t) libssh2_sftp_tell64 (file_handler_data->handle);
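Review bot: The reassignment `file_handler_data = (sftpfs_file_handler_data_t *) file_handler->data;` placed after the switch carries no comment saying why it must not be hoisted, which is exactly the mistake the removed line in the previous hunk made; a short comment such as `/* file_handler->data may be reallocated inside the switch (sftpfs_reopen), so fetch it only here */` would protect the fix. That the switch reaches sftpfs_reopen is inferred from the ticket description, not visible in this hunk. The body of sftpfs_lseek starts before this hunk.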

}}}

Output of mc -V:

GNU Midnight Commander 4.8.11-77-g9bbc510
Built with GLib 2.38.2
Using the ncurses library
With builtin Editor
With subshell support as default
With support for background operations
With mouse support on xterm
With multiple codepages support
Virtual File Systems: cpiofs, tarfs, sfs, extfs, ftpfs, sftpfs, fish
Data types: char: 8; int: 32; long: 64; void *: 64; size_t: 64; off_t: 64;
"	defect	closed	major	4.8.12	mc-vfs	master	fixed					merged	andrew_b
