Subject: bin/3489: fix for occasional vi(1) crash
To: None <gnats-bugs@gnats.netbsd.org>
From: Ross Harvey <ross@teraflop.com>
List: netbsd-bugs
Date: 04/14/1997 01:43:39
>Number:         3489
>Category:       bin
>Synopsis:       vi(1), fix for bad free() leading to occasional cores
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 14 01:50:01 1997
>Last-Modified:
>Originator:     Ross Harvey
>Organization:
Avalon Computer Systems, Inc.
>Release:        bug is in vi 1.66
>Environment:
	
System: NetBSD epsilon.teraflop.com 1.2D NetBSD 1.2D (e) #15: Wed Apr 9 21:12:42 PDT 1997 ross@epsilon.ghs.com:/bsd/ross/e alpha


>Description:
	Patch provided for bad free() involving the tags feature of
	vi(1). Causes occasional cores having something to do with
	switching files.
>How-To-Repeat:
	It happens every couple of days for me, don't know how to
	repeat.  But I think my fix is right...someone else put
	the same fix into some post-1.66 version.
>Fix:

	Either upgrade the vi version or apply this patch...

	patch -d /usr/src/usr.bin/vi/ex


--- /bsd/base-src/usr.bin/vi/ex/ex_tag.c	Mon May 20 05:19:12 1996
+++ /usr/src/usr.bin/vi/ex/ex_tag.c	Mon Apr 14 01:24:56 1997
@@ -798,7 +798,8 @@
 		CIRCLEQ_REMOVE(&tqp->tagq, tp, q);
 		free(tp);
 	}
-	CIRCLEQ_REMOVE(&exp->tq, tqp, q);
+	if(tqp->q.cqe_next != NULL)
+		CIRCLEQ_REMOVE(&exp->tq, tqp, q);
 	free(tqp);
 	return (0);
 }
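Review bot: The new guard `if(tqp->q.cqe_next != NULL)` at the end of this hunk is only meaningful if `tqp->q` is guaranteed to be zeroed whenever `tqp` has not been linked into `exp->tq`, and nothing in the visible lines establishes that. If the structure comes from plain malloc(), the link field is indeterminate, so CIRCLEQ_REMOVE can still run on an unlinked entry and write through stale pointers just before `free(tqp)`. Please confirm the allocation site zeroes the entry (calloc or explicit initialisation of `q.cqe_next`) and add a one-line comment above the test saying in which case `tqp` is not on the queue. CIRCLEQ_REMOVE also leaves the removed element's links untouched, so this test will not catch an entry that was already removed once. Style: write `if (` with a space, matching the `return (0);` form used in the surrounding code.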
>Audit-Trail:
>Unformatted: