NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

bin/57482: vi(1) crashes reproducibly with a one liner with wl=72 and ts=8

>Number:         57482
>Category:       bin
>Synopsis:       vi(1) crashes reproducibly with a one liner with wl=72 and ts=8
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 22 19:25:00 +0000 2023
>Originator:     Thierry LARONDE
>Release:        NetBSD 10.0_BETA
>Organization:
>Environment:
NetBSD cauchy.polynum.local 10.0_BETA NetBSD 10.0_BETA (cauchy) #0: Mon Feb 27 11:28:34 CET 2023  tlaronde@cauchy.polynum.local:/usr/obj/polynum.NODECONF-cauchy.polynum.local_netbsd-9.3-amd64_netbsd-amd64/netbsd/obj/sys/arch/amd64/compile/cauchy amd64

>Description:
vi(1) crashes reproducibly with a oneliner, when wl=72 and ts=8 are set
when trying to go to the end of the line with '$' or, setting ts=4,
then going to the end of line and then resetting ts=8.
     
bt provided by Martin Husemann:
     
#2  0x00000000009a54da in vs_paint (sp=sp@entry=0x6fb6f40de000,
    flags=flags@entry=3) at /work/src/external/bsd/nvi/dist/vi/vs_refresh.c:726
726                             abort(); /* XXX infinite recursion */
(gdb) list  
721                     abort();
722             }                       
723     #724             if (vip->sc_smap == NULL) {
725                     if (F_ISSET(sp, SC_SCR_REFORMAT))
726                             abort(); /* XXX infinite recursion */
727                     F_SET(sp, SC_SCR_REFORMAT);
728                     return (vs_paint(sp, flags));
729             }
730     #endif
#3  0x00000000009983de in vs_paint (sp=sp@entry=0x6fb6f40de000, flags=3)
    at /work/src/external/bsd/nvi/dist/vi/vs_refresh.c:728
#4  0x00000000009990d5 in vs_refresh (sp=sp@entry=0x6fb6f40de000,
    forcepaint=forcepaint@entry=0)
    at /work/src/external/bsd/nvi/dist/vi/vs_refresh.c:99
#5  0x00000000009941e6 in vi (spp=spp@entry=0x7f7fffe31740)
    at /work/src/external/bsd/nvi/dist/vi/vi.c:115
#6  0x000000000097bdf8 in editor (wp=wp@entry=0x6fb6f40f1000,
    argc=<optimized out>, argc@entry=2, argv=<optimized out>,
    argv@entry=0x7f7fffe319c8)  
    at /work/src/external/bsd/nvi/dist/common/main.c:436
#7  0x00000000009a5864 in main (argc=2, argv=0x7f7fffe319c8)
    at /work/src/external/bsd/nvi/dist/cl/cl_main.c:134

>How-To-Repeat:
env EXINIT='set nu showmatch ts=8 wl=72' vi /tmp/vi_crasher.txt

$ vis -w /tmp/vi_crasher.txt:

\011\011v_stack[nval].ival\040=\040v_stack[nval-1].ival\040+\040v_stack[nval-1].len\011\012
>Fix:
Home | Main Index | Thread Index | Old Index