[Bug 12561] New: busybox vi segfault when randomly deleting lines and undoing

Tue Feb 18 11:27:49 UTC 2020

https://bugs.busybox.net/show_bug.cgi?id=12561

            Bug ID: 12561
           Summary: busybox vi segfault when randomly deleting lines and
                    undoing
           Product: Busybox
           Version: 1.30.x
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Other
          Assignee: unassigned at busybox.net
          Reporter: rainer.canavan+busybox at avenga.com
                CC: busybox-cvs at busybox.net
  Target Milestone: ---

busybox vi reproducably segfaults when "randomly" deleting lines and undoing
those changes. Observed with busybox-static 1.27.2-2ubuntu7 on Ubuntu Disco and 
busybox-1.30.1-r3 on alpine

How to reproduce: File edited is 557 bytes and 25 lines of JSON

busybox vi <filename>

randomly input any of the following commands

7dd
k
j
dd
u

preferrably such that the deleted sections overlap, but are not identical to
those restored by a preceding undo

(gdb) bt full
#0  0x00000000004685b9 in __memmove_avx_unaligned_erms ()
No symbol table info available.
#1  0x0000000000583e17 in memmove (__len=<optimized out>, __src=0x5fe3e6,
__dest=0x5fe443) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
No locals.
#2  text_hole_make (
    p=p at entry=0x5fe3e6 "71d6ef8\",\n    \"host\":  "..., size=93) at
editors/vi.c:2488
        bias = 0
#3  0x0000000000586d0b in undo_pop () at editors/vi.c:2399
        repeat = <optimized out>
        u_start = 0x5fe3e6 "71d6ef8\",\n    \"host\": \"...
        u_end = <optimized out>
        undo_entry = 0x6018f0
        repeat = <optimized out>
        u_start = <optimized out>
        u_end = <optimized out>
        undo_entry = <optimized out>
#4  do_cmd (c=c at entry=117) at editors/vi.c:3697
        p = 0x5fe362 ' ' <repeats 69 times>
        q = 0x5fac48 ""
        save_dot = <optimized out>
        buf = '\000' <repeats 11 times>
        dir = <optimized out>
        cnt = <optimized out>
        i = <optimized out>
        j = <optimized out>
        c1 = <optimized out>
#5  0x0000000000588162 in edit_file (fn=<optimized out>) at editors/vi.c:880
        c = 117
        sig = <optimized out>
#6  0x00000000005882c2 in vi_main (argc=1, argv=0x7fffffffdbc8) at
editors/vi.c:701
        c = <optimized out>
#7  0x000000000050f34e in run_applet_no_and_exit (applet_no=239,
name=name at entry=0x7fffffffdf9e "vi", argv=argv at entry=0x7fffffffdbc0) at
libbb/appletlib.c:916
        argc = 2
#8  0x000000000050f64f in run_applet_and_exit (name=0x7fffffffdf9e "vi",
argv=argv at entry=0x7fffffffdbc0) at libbb/appletlib.c:934
        applet = <optimized out>
#9  0x000000000050f632 in busybox_main (argv=0x7fffffffdbc0) at
libbb/appletlib.c:875
        a = <optimized out>
        col = <optimized out>
        output_width = <optimized out>
        len2 = <optimized out>
        i = <optimized out>
        a = <optimized out>
        v = <optimized out>
        use_symbolic_links = <optimized out>
        busybox = <optimized out>
#10 run_applet_and_exit (name=<optimized out>, argv=argv at entry=0x7fffffffdbb8)
at libbb/appletlib.c:927
No locals.
#11 0x000000000050f6dd in main (argc=<optimized out>, argv=0x7fffffffdbb8) at
libbb/appletlib.c:1032
No locals.

-- 
You are receiving this mail because:
You are on the CC list for the bug.