>Number: 53164
>Category: bin
>Synopsis: vi coredump when viewing binary file
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Apr 07 12:00:00 +0000 2018
>Originator: Tobias Ulmer
>Release: NetBSD 8.99.14
>Organization:
>Environment:
NetBSD phenom.tmux.org 8.99.14 NetBSD 8.99.14 (GENERIC) #0: Wed Apr 4 10:17:52 UTC 2018 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
vi is calling abort() in vs_refresh.c when viewing binary files.
I'm guessing this is due to recentish multibyte changes.
(gdb) bt
#0 0x0000747106b1d38a in _lwp_kill () from /usr/lib/libc.so.12
#1 0x0000747106b1d017 in abort () from /usr/lib/libc.so.12
#2 0x000000011d04778e in vs_paint (sp=sp@entry=0x747107522000, flags=flags@entry=3) at /usr/src/external/bsd/nvi/dist/vi/vs_refresh.c:726
#3 0x000000011d046c5a in vs_paint (sp=sp@entry=0x747107522000, flags=3) at /usr/src/external/bsd/nvi/dist/vi/vs_refresh.c:728
#4 0x000000011d047966 in vs_refresh (sp=sp@entry=0x747107522000, forcepaint=forcepaint@entry=0) at /usr/src/external/bsd/nvi/dist/vi/vs_refresh.c:99
#5 0x000000011d042e73 in vi (spp=spp@entry=0x7f7fff18b070) at /usr/src/external/bsd/nvi/dist/vi/vi.c:112
#6 0x000000011d02bc7e in editor (wp=0x747107502400, argc=<optimized out>, argv=<optimized out>) at /usr/src/external/bsd/nvi/dist/common/main.c:436
#7 0x000000011d053996 in main (argc=2, argv=0x7f7fff18b2e0) at /usr/src/external/bsd/nvi/dist/cl/cl_main.c:134
711 done_cursor:
712 /*
713 * Sanity checking. When the repainting code messes up, the usual
714 * result is we don't repaint the cursor and so sc_smap will be
715 * NULL. If we're debugging, die, otherwise restart from scratch.
716 */
717 #ifdef DEBUG
718 if (vip->sc_smap == NULL) {
719 fprintf(stderr, "smap error\n");
720 sleep(100);
721 abort();
722 }
723 #else
724 if (vip->sc_smap == NULL) {
725 if (F_ISSET(sp, SC_SCR_REFORMAT))
726 abort(); /* XXX */
727 F_SET(sp, SC_SCR_REFORMAT);
728 return (vs_paint(sp, flags));
729 }
730 #endif
Line 726 is new (rev 1.7) and not present in the latest nvi nor in Free/Open.
The new behavior contradicts the comment after done_cursor.
Playing around, there seem to be other issues as well.
The modeline cursor column (curcol) goes wildly out of range,
scrolling stops working somewhat, the screens isn't redrawn properly,
the vip pointer gets corrupted resulting in a segfault from time to time,
etc.
>How-To-Repeat:
Open /usr/bin/gdb in vi and quickly scroll around with j/k/page up/down.
I'm using urxvt over ssh.
>Fix: