Subject: vi bug
To: None <current-users@sun-lamp.cs.berkeley.edu>
From: Lennart Augustsson <augustss@cs.chalmers.se>
List: current-users
Date: 02/18/1994 02:01:54

There is a bug in vi (nvi) that causes a core dump.

Repeat by:  type a digit followed by the delete key

The problem:
The command character is tested to belong to the valid range
of characters before the point where it gets its new value if
a count is used.

Fix:
Move the test.

*** vi/vi.c.orig	Fri Feb 18 01:56:16 1994
--- vi/vi.c	Fri Feb 18 01:56:32 1994
***************
*** 326,335 ****
  	}
  
  	key = ikey.ch;
- 	if (key > MAXVIKEY) {
- 		msgq(sp, M_BERR, "%s isn't a vi command", charname(sp, key));
- 		return (1);
- 	}
  
  	/* Pick up optional buffer. */
  	if (key == '"') {
--- 326,331 ----
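Review bot: once the `key > MAXVIKEY` test is removed from directly after `key = ikey.ch;`, the `if (key == '"')` buffer pickup and everything up to the re-added test near line 360 runs on a key that has not been range-checked. The comparison against '"' is harmless by itself, but the lines between 331 and 356 are not part of this diff. Please confirm that nothing in that stretch uses key as a table index, or hands it to code that assumes it is within MAXVIKEY, before the relocated check runs.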
***************
*** 360,365 ****
--- 356,366 ----
  		KEY(vp->buffer, 0);
  		F_SET(vp, VC_BUFFER);
  		KEY(key, TXT_MAPCOMMAND);
+ 	}
+ 
+ 	if (key > MAXVIKEY) {
+ 		msgq(sp, M_BERR, "%s isn't a vi command", charname(sp, key));
+ 		return (1);
  	}
  
  	/*
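Review bot: the relocated `if (key > MAXVIKEY)` test, placed after the block ending in `KEY(key, TXT_MAPCOMMAND);`, carries no comment explaining why it sits here, so a later cleanup could move it back next to `key = ikey.ch;` and reintroduce the core dump. A one-line comment saying the test must follow the last KEY(key, ...) read would prevent that. The test also bounds key only from above; the type of key is not visible in this hunk, so if it is signed, consider a lower-bound check as well.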


	-- Lennart
