NetBSD-Bugs archive
Re: bin/57630: vi coredump
The following reply was made to PR bin/57630; it has been noted by GNATS.
From: mlelstv%serpens.de@localhost (Michael van Elst)
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: bin/57630: vi coredump
Date: Wed, 27 Sep 2023 16:00:55 -0000 (UTC)
he%NetBSD.org@localhost (Havard Eidnes) writes:
>> On Wed, Sep 27, 2023 at 02:55:35PM +0200, Havard Eidnes wrote:
>>> a<space><esc> (or just a<esc>, same result)
>>> :%s/^<space><space><enter>
>>
>> no <space>es here, just <enter>
>Ah, yes, then I get
>~
>~
>[2] Segmentation fault (core dumped) vi
> $
The db routines (vi_db.c/vi_db1.c) can return a NULL pointer
for an empty line or when a buffer allocation fails, which also
happens if the line is empty, as we don't allocate a buffer if
the previous one with length == 0 is sufficiently large.
The result is fed into regexec(), which crashes.
Fixing the db code and possibly also the allocation code
throughout the source probably ends in rewriting nvi. So
I suggest preventing regexec() from crashing, like:
Index: dist/regex/engine.c
===================================================================
RCS file: /cvsroot/src/external/bsd/nvi/dist/regex/engine.c,v
retrieving revision 1.3
diff -p -u -r1.3 engine.c
--- dist/regex/engine.c 7 Jan 2014 21:48:12 -0000 1.3
+++ dist/regex/engine.c 27 Sep 2023 16:00:10 -0000
@@ -150,6 +150,11 @@ int eflags;
const sopno gl = g->laststate;
RCHAR_T *start;
RCHAR_T *stop;
+ RCHAR_T empty[] = { REOF };
+
+ /* Input can be a NULL pointer, treat like an empty line. */
+ if (string == NULL)
+ string = empty;
/* simplify the situation where possible */
if (g->cflags®_NOSUB)
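Review bot: the `string = empty` substitution only covers the case where the match window is the whole string; if the caller also passes REG_STARTEND, `start` and `stop` are derived from `pmatch[0].rm_so`/`rm_eo` relative to `string`, and a NULL line arriving with a non-zero `rm_eo` would point past the one-element `empty` array. Suggest forcing the window to `[0,0)` whenever `string` is substituted, or handling the NULL at the vi call site instead: the message itself notes the db routines return NULL both for an empty line and for a failed allocation, and treating the latter as an empty line silently turns an out-of-memory condition into a plain no-match.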
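The same guard applied at the caller rather than inside the engine, as an added example that is not part of this message or of nvi: `get_line()` is a constructed stand-in for the db routine described above (it returns NULL with len 0 for an empty line), and `match_line()` substitutes a zero-length string and pins the REG_STARTEND window to [0,0) before calling the system regexec().

```c
#include <regex.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the vi db routine: like the behaviour described
 * in the PR, it hands back NULL (with *len == 0) for an empty line instead
 * of a pointer to "". */
static const char *get_line(const char **lines, size_t n, size_t idx, size_t *len)
{
    if (idx >= n)
        return NULL;
    *len = strlen(lines[idx]);
    return *len == 0 ? NULL : lines[idx];
}

/* Call-site guard: never hand regexec() a NULL pointer. A NULL line is
 * treated as an empty one, and the REG_STARTEND window is forced to [0,0)
 * so start/stop cannot be computed past the substitute buffer. */
static int match_line(const regex_t *re, const char *line, size_t len, regmatch_t *m)
{
    static const char empty[1] = "";
    if (line == NULL) {
        line = empty;
        len = 0;
    }
    m[0].rm_so = 0;
    m[0].rm_eo = (regoff_t)len;
    return regexec(re, line, 1, m, REG_STARTEND);
}

/* Walk a buffer the way ":%s/pattern/" would, counting lines that match.
 * Returns -1 if the pattern does not compile. (Hypothetical helper.) */
int count_matching_lines(const char *pattern, const char **lines, size_t n)
{
    regex_t re;
    regmatch_t m[1];
    size_t i, len = 0;
    int hits = 0;

    if (regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    for (i = 0; i < n; i++) {
        const char *line = get_line(lines, n, i, &len);  /* may be NULL */
        if (match_line(&re, line, len, m) == 0)
            hits++;
    }
    regfree(&re);
    return hits;
}
```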