[Bug 4153] New: vi: recursion of do_cmd leads to easy crashes

bugzilla at busybox.net bugzilla at busybox.net
Thu Sep 8 18:36:44 UTC 2011


https://bugs.busybox.net/show_bug.cgi?id=4153

           Summary: vi: recursion of do_cmd leads to easy crashes
           Product: Busybox
           Version: 1.19.x
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Other
        AssignedTo: unassigned at busybox.net
        ReportedBy: ianw at vmware.com
                CC: busybox-cvs at busybox.net
   Estimated Hours: 0.0


If you simply type "123456j" then you'll crash busybox vi.

The problem is the blind recursion in do_cmd, where you recurse without bound
based on 'cmdcnt'

---
    case 10:            // Newline ^J
    case 'j':            // j- goto next line, same col
    case KEYCODE_DOWN:    // cursor key Down
        if (--cmdcnt > 0) {
            do_cmd(c);
        }
        dot_next();        // go to next B-o-l
        dot = move_to_col(dot, ccol + offset);    // try stay in same col
        break;
---

Several commands seem to follow this idiom and thus have the same issue.

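The idiom quoted in the report, reduced to a stand-alone model beside a loop-based equivalent. This is an added example, not BusyBox code and not the project's fix; `move_down_recursive`, `move_down_iterative`, `run` and `NLINES` are hypothetical names, and the line buffer is a constructed stand-in for the editor state.

```c
#include <stdio.h>

/* Constructed stand-in for the editor state: a line index in a buffer
 * of NLINES lines. All names here are hypothetical, not BusyBox's. */
#define NLINES 200000
static int cur_line;          /* current line, 0-based */
static int depth, max_depth;  /* call-depth bookkeeping */

static void next_line(void) { if (cur_line < NLINES - 1) cur_line++; }

/* Same shape as the reported idiom: one stack frame per repeat,
 * so stack use grows linearly with the user-typed count. */
static void move_down_recursive(int cmdcnt)
{
    if (++depth > max_depth) max_depth = depth;
    if (--cmdcnt > 0)
        move_down_recursive(cmdcnt);
    next_line();
    depth--;
}

/* Loop-based equivalent: the count drives iterations, not frames. */
static void move_down_iterative(int cmdcnt)
{
    if (++depth > max_depth) max_depth = depth;
    do {
        next_line();
    } while (--cmdcnt > 0);
    depth--;
}

/* Run one variant from line 0; return final line, report peak depth. */
static int run(void (*fn)(int), int cmdcnt, int *peak)
{
    cur_line = 0; depth = 0; max_depth = 0;
    fn(cmdcnt);
    *peak = max_depth;
    return cur_line;
}

int main(void)
{
    int peak, line;
    /* Recursive variant is run with a small count so the demo itself stays safe. */
    line = run(move_down_recursive, 5000, &peak);
    printf("recursive: line %d, peak depth %d\n", line, peak);
    line = run(move_down_iterative, 123456, &peak);
    printf("iterative: line %d, peak depth %d\n", line, peak);
    return 0;
}
```

Both variants move the cursor the same number of lines for any count, including the no-count case (`cmdcnt == 0`); only the peak call depth differs.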