Subject: Re: bin/24205: tftp client does not remove interrupted file transfer
To: None <bdev@hss.hns.com>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 01/23/2004 21:03:35

bdev@hss.hns.com wrote:
> @@ -474,6 +475,7 @@
>  		}
>  		if (argc < 4) {
>  			cp =3D argc =3D=3D 3 ? argv[2] : tail(src);
> +			strncpy(downloading_file,cp,LBUFLEN) ;

Read the manpage for strncpy().

>  			fd =3D creat(cp, 0644);
>  			if (fd < 0) {
>  				warn("%s", cp);
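Review bot: The name is recorded in downloading_file before creat(cp, 0644) has succeeded, so on the fd < 0 path the buffer still names a file this transfer never created, and a later interrupt would unlink it. Move the copy to after the fd check. The copy itself also needs a bound of LBUFLEN - 1 plus an explicit terminator, or a rejection of over-long names, since strncpy() does not terminate the destination when cp is LBUFLEN bytes or longer.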
> @@ -486,6 +488,9 @@
>  			break;
>  		}
>  		cp =3D tail(src);         /* new .. jdg */
> +		/* Copy out the name of the file which we were deleting
> +		   */
> +		strncpy(downloading_file,cp,LBUFLEN) ;
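Review bot: The added comment says "the file which we were deleting", but at this point cp is the file about to be received, so the comment should say that. This is also the second identical strncpy(downloading_file,cp,LBUFLEN) call; a small helper that does the bounded copy once would keep both call sites consistent.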

See above.

> @@ -584,6 +591,13 @@
> =20
>  	signal(SIGALRM, SIG_IGN);
>  	alarm(0);
> +	/* Before we long jump out
> +	   delete the downloading file
> +	   */
> +	if (downloading_file[0])
> +	{
> +		unlink(downloading_file) ;
> +	}=09

The signal could be caught right in the middle of strncpy(). You have
to set and check a flag to verify whether `downloading_file' contains
the filename or not.

>  	longjmp(toplevel, -1);
>  }
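Review bot: The if (downloading_file[0]) test before unlink() only works if the buffer is emptied once a transfer completes, and none of the quoted hunks reset it; as written, an interrupt after a successful get would delete the finished file. Clear downloading_file (or a separate flag) when the transfer ends normally, and reset it in this handler after the unlink() so a second interrupt does not repeat it.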

It's not your fault but a bug in the original code. The signal
handler is registered before initializing `toplevel`. Therefore, you
might jump right into the void.

-- 
Christian
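
The set-and-check flag suggested in the reply above, sketched as an added example (not code from the patch or from NetBSD's tftp). The value of LBUFLEN and the names downloading_valid, set_downloading_file and intr_cleanup are assumptions, and the longjmp back to toplevel is left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define LBUFLEN 200	/* assumed size; the patch only shows the name */

static char downloading_file[LBUFLEN];
/* Hypothetical flag: 1 only while downloading_file holds a complete name. */
static volatile sig_atomic_t downloading_valid;

/* Record the file being received; -1 if the name would not fit with its NUL. */
int set_downloading_file(const char *name)
{
	size_t len = strlen(name);

	downloading_valid = 0;		/* handler ignores the buffer while it changes */
	atomic_signal_fence(memory_order_seq_cst);
	if (len >= sizeof(downloading_file))
		return -1;		/* strncpy() would leave this unterminated */
	memcpy(downloading_file, name, len + 1);
	atomic_signal_fence(memory_order_seq_cst);
	downloading_valid = 1;		/* publish only after the copy is complete */
	return 0;
}

/* SIGINT handler: reads one flag and calls unlink(), which is async-signal-safe. */
void intr_cleanup(int signo)
{
	(void)signo;
	if (downloading_valid) {
		downloading_valid = 0;
		unlink(downloading_file);
	}
}

int main(void)
{
	const char *path = "tftp_partial_example.tmp";	/* constructed sample name */
	FILE *f = fopen(path, "w");

	if (f == NULL)
		return 1;
	fclose(f);
	if (set_downloading_file(path) != 0)
		return 1;
	signal(SIGINT, intr_cleanup);
	raise(SIGINT);			/* stands in for the user interrupting the transfer */
	printf("partial file %s\n", access(path, F_OK) == 0 ? "still present" : "removed");
	return 0;
}
```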
