Subject: bin/4113: vi coredumps when 'set list' on some files
To: None <gnats-bugs@gnats.netbsd.org>
From: Luke Mewburn <lukem@karybdis.lair.werj.com.au>
List: netbsd-bugs
Date: 09/15/1997 23:41:04
>Number:         4113
>Category:       bin
>Synopsis:       vi coredumps when 'set list' on some files
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 15 06:50:01 1997
>Last-Modified:
>Originator:     Luke Mewburn
>Organization:
NetBSD foundation
>Release:        current-970913
>Environment:
System: NetBSD karybdis 1.2G NetBSD 1.2G (LUKEM) #7: Sun Aug 17 14:04:56 EST 1997 lukem@karybdis:/z/src/current/src/sys/arch/i386/compile/LUKEM i386


>Description:
	whilst editing /usr/src/bin/ksh/*.h (actually, c_test.h), I
	did a ':set list' to show tabs as ``^I'', then hit ^F to page
	down. I got an error:
		Error: move: l(4294967295) c(0) o(0)
	and a coredump.

	whipping out my trusty gdb, a backtrace reveals that
	vs_relative.c::vs_column() is at fault; at line 44 it's
	trying to dereference vip->sc_smap->coff when
	vip->sc_smap == NULL.

===>
> gdb /usr/src/usr.bin/vi/build/obj.i386/vi vi.core
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.11 (i386-netbsd), Copyright 1993 Free Software Foundation, Inc...
Core was generated by `vi'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/libexec/ld.so...done.
Reading symbols from /usr/lib/libcurses.so.2.1...done.
Reading symbols from /usr/lib/libtermcap.so.0.0...done.
Reading symbols from /usr/lib/libc.so.12.17...done.
#0  0x37312 in vs_column (sp=0x46000, colp=0x46054)
    at /z/src/current/src/usr.bin/vi/build/../vi/vs_relative.c:43
43		*colp = (O_ISSET(sp, O_LEFTRIGHT) ?
(gdb) backtrace
#0  0x37312 in vs_column (sp=0x46000, colp=0x46054)
    at /z/src/current/src/usr.bin/vi/build/../vi/vs_relative.c:43
#1  0x328cd in vi (spp=0xf7bfd5e4)
    at /z/src/current/src/usr.bin/vi/build/../vi/vi.c:111
#2  0x1efea in editor (gp=0x42000, argc=20, argv=0xf7bfd76c)
    at /z/src/current/src/usr.bin/vi/build/../common/main.c:427
#3  0x26e4 in main (argc=20, argv=0xf7bfd768)
    at /z/src/current/src/usr.bin/vi/build/../cl/cl_main.c:113
(gdb) list
38	{
39		VI_PRIVATE *vip;
40	
41		vip = VIP(sp);
42	
43		*colp = (O_ISSET(sp, O_LEFTRIGHT) ?
44		    vip->sc_smap->coff : (vip->sc_smap->soff - 1) * sp->cols) +
45		    vip->sc_col - (O_ISSET(sp, O_NUMBER) ? O_NUMBER_LENGTH : 0);
46		return (0);
47	}
(gdb) print vip
$1 = (VI_PRIVATE *) 0x44200
(gdb) print vip->sc_smap
$2 = (SMAP *) 0x0
(gdb) quit
<===
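
	A guarded form of the column computation shown in the gdb listing,
	as an added example (not nvi's code and not the fix that was
	eventually committed): it models the fields named in the listing
	(sc_smap, coff, soff, sc_col, cols) with assumed minimal structs and
	returns an error instead of dereferencing a NULL screen map.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed minimal stand-ins for the nvi structures in the backtrace. */
typedef struct { size_t coff; size_t soff; } SMAP;          /* column / screen-line offset */
typedef struct { SMAP *sc_smap; size_t sc_col; } VI_PRIVATE;
typedef struct {
    size_t cols;        /* screen width */
    int leftright;      /* stands in for O_ISSET(sp, O_LEFTRIGHT) */
    int number;         /* stands in for O_ISSET(sp, O_NUMBER) */
    VI_PRIVATE *vip;
} SCR;

#define O_NUMBER_LENGTH 8   /* assumed width of the 'number' gutter */

/* Returns 0 and stores the physical column in *colp, or 1 when the
 * screen map has not been built (the NULL case from the report). */
int vs_column_guarded(SCR *sp, size_t *colp)
{
    VI_PRIVATE *vip = sp->vip;
    size_t base;

    if (vip == NULL || vip->sc_smap == NULL) {
        *colp = 0;
        return (1);
    }
    base = sp->leftright ? vip->sc_smap->coff
                         : (vip->sc_smap->soff - 1) * sp->cols;
    *colp = base + vip->sc_col - (sp->number ? O_NUMBER_LENGTH : 0);
    return (0);
}

/* Constructed scenario: coff=7, soff=3, sc_col=5, 80 columns.
 * Returns the column, or -1 when the map is NULL. */
long column_for(int null_map, int leftright, int number)
{
    SMAP smap = { 7, 3 };
    VI_PRIVATE vip = { null_map ? NULL : &smap, 5 };
    SCR sp = { 80, leftright, number, &vip };
    size_t col;

    return vs_column_guarded(&sp, &col) ? -1L : (long)col;
}

int main(void)
{
    printf("wrapped: %ld\n", column_for(0, 0, 0));      /* (3-1)*80 + 5 = 165 */
    printf("leftright+number: %ld\n", column_for(0, 1, 1)); /* 7 + 5 - 8 = 4 */
    printf("no screen map: %ld\n", column_for(1, 0, 0)); /* -1 instead of SIGSEGV */
    return 0;
}
```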


>How-To-Repeat:
	cd /usr/src/bin/ksh
	vi c_test.h
	ESC :set list ESC
	^F

>Fix:
	dunno - give to bostic? nvi 1.79 on solaris just locks up when
	I try the same file, so I assume it's also got the problem.
>Audit-Trail:
>Unformatted: