Subject: bin/14271: /usr/bin/vi has format string bug while saving files
To: None <gnats-bugs@gnats.netbsd.org>
From: None <yu@nic.fujitsu.com>
List: netbsd-bugs
Date: 10/16/2001 22:49:10
>Number:         14271
>Category:       bin
>Synopsis:       /usr/bin/vi has format string bug while saving files
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 16 22:50:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Tomoaki IMAMURA
>Release:        i386 -current on Mon Oct 15 10:50:16
>Organization:
Fujitsu Network Information Center
>Environment:
NetBSD yuppy.nic.fujitsu.co.jp 1.5Y NetBSD 1.5Y (YUPPY) #1: Mon Oct 15 10:50:16 JST 2001     yu@yuppy.nic.fujitsu.co.jp:/work/src/sys/arch/i386/compile/YUPPY i386

>Description:
% /usr/bin/vi %g
:wq!
5.90047e-270: new file: 0 lines, 0 characters.
% /usr/bin/vi %n
:wq!
Segmentation fault(core dumped)

gdb stacktrace:
#0  0x4812b180 in vfprintf () from /usr/lib/libc.so.12
#1  0x4811712c in vsnprintf () from /usr/lib/libc.so.12
#2  0x80656fe in msgq (sp=0x808f000, mt=M_INFO, 
    fmt=0xbfbfcc68 "%n: 0 lines, 0 characters")
    at /work/src/usr.bin/vi/build/../common/msg.c:290
#3  0x8061503 in file_write (sp=0x808f000, fm=0x808c0e4, tm=0x808c0ec, 
    name=0x0, flags=1) at /work/src/usr.bin/vi/build/../common/exf.c:980
#4  0x805fd51 in exwr (sp=0x808f000, cmdp=0x808c080, cmd=WRITE)
    at /work/src/usr.bin/vi/build/../ex/ex_write.c:270
#5  0x805f9ba in ex_write (sp=0x808f000, cmdp=0x808c080)
    at /work/src/usr.bin/vi/build/../ex/ex_write.c:98
#6  0x804f9c3 in ex_cmd (sp=0x808f000)
    at /work/src/usr.bin/vi/build/../ex/ex.c:1374
#7  0x806ceb3 in v_ex (sp=0x808f000, vp=0xbfbfd28c) at /usr/include/stdio.h:418
#8  0x8076854 in vi (spp=0xbfbfd334)
    at /work/src/usr.bin/vi/build/../vi/vi.c:227
#9  0x8064d3d in editor (gp=0x808c000, argc=2, argv=0xbfbfd53c)
    at /work/src/usr.bin/vi/build/../common/main.c:444
#10 0x804b2c0 in main (argc=2, argv=0xbfbfd538)
    at /work/src/usr.bin/vi/build/../cl/cl_main.c:159
#11 0x804a410 in ___start ()

>How-To-Repeat:
See above.

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
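The backtrace above shows the file name arriving inside the `fmt` argument of `msgq()`, which hands it to `vsnprintf()`. The following C sketch is an added example, not code from the report or from the vi sources; `status_msg`, `report_write_unsafe` and `report_write_safe` are hypothetical names, and it contrasts the pattern in frame #2 with a form that keeps the format string constant.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a msgq()-style logger: a printf-like wrapper
 * around vsnprintf(). Declaring the real one with
 * __attribute__((format(printf, 3, 4))) lets gcc/clang -Wformat-security
 * flag callers that pass a non-literal format. */
static int status_msg(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* As in frame #2: the file name is already part of fmt, so a name such
 * as "%g" or "%n" is parsed as a conversion that has no argument. */
int report_write_unsafe(char *out, size_t outlen, const char *name)
{
    char fmt[256];

    snprintf(fmt, sizeof(fmt), "%s: new file: 0 lines, 0 characters.", name);
    return status_msg(out, outlen, fmt);          /* name reaches fmt */
}

/* Corrected form: constant format string, file name passed as data. */
int report_write_safe(char *out, size_t outlen, const char *name)
{
    return status_msg(out, outlen, "%s: new file: %d lines, %d characters.",
                      name, 0, 0);
}

int main(void)
{
    /* Constructed inputs: the two file names from the report. */
    const char *names[] = { "%g", "%n" };
    char buf[256];

    for (size_t i = 0; i < 2; i++) {
        report_write_safe(buf, sizeof(buf), names[i]);
        puts(buf);
    }
    return 0;
}
```

`main()` calls only the corrected function; the unsafe variant is kept for comparison and behaves identically only when the file name contains no `%`.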