vi.c coredump

walter harms wharms at bfs.de
Thu Jun 19 14:36:22 UTC 2008


Hi list,
some news about the bug: it is present at least in 1.9.1, maybe earlier.

It happens in insert_char when ENABLE_FEATURE_VI_SETOPTS is set

                p = stupid_insert(p, c);        // insert the char
#if ENABLE_FEATURE_VI_SETOPTS
                if (showmatch && strchr(")]}", *sp) != NULL) {
                        showmatching(sp);
                }
                if (autoindent && c == '\n') {  // auto indent the new line
                        char *q;

this code here assumes that is valid BUT /* please ignore the testcode */

                        if (p!=NULL) {
                                q = prev_line(p);       // use prev line as templet
                                for (; isblank(*q); q++) {
                                        p = stupid_insert(p, *q);       // insert the char
                                }
                        } else {
                                printf("eeek\n");
                        }

this is not true. stupid_insert() can return NULL (see: text_hole_make() error path)

the crash can be prevented with "if (autoindent && c == '\n' && !p )" but I have no clue
what side effects that may have. Other occurrences of stupid_insert() should be visited also.

re,
 wh

ps: I am sorry I forgot to add the backtrace in the last mail


walter harms wrote:
> hi list,
> I can produce a nasty bug in vi.
> I noticed it first with 10.3 but it seems to be present in earlier versions.
> 
> I can produce the bug this way:
> start vi
> goto insert mode
> select a screenful of data with Xcursor
> clip data into vi
> <crash>
> Your mileage may vary; picking only a few data will cause no harm.
> 
> btw: it is very unlikely that the problem is related to the compiler
> since it happens on my desktop and in the embedded (non x86) system.
> 
> The following crash is with snapshot busybox-2008-03-04
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x08052895 in prev_line (p=0x0) at vi.c:1308
> 1308            if (p[-1] == '\n' && p > text)
> 
> 
> re,
>  wh
> 
> ps: the .config is attached
> 
> pps: I have reported the bug early because I guess that the c&p approach may be used
>      by more people.
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> busybox mailing list
> busybox at busybox.net
> http://busybox.net/cgi-bin/mailman/listinfo/busybox
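
The failure mode reported above (an insert helper that returns NULL when the buffer cannot grow, and an auto-indent loop that feeds that result straight back into a line-walking helper) can be reproduced and guarded in a small stand-alone model. This is an added example, not busybox code: the fixed-size buffer and the names model_load, model_insert, model_prev_line and insert_autoindent are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>

#define BUF_MAX 32                /* constructed: tiny buffer so inserts fail quickly */
static char text[BUF_MAX];        /* model of the editor's text buffer */
static char *end = text;          /* one past the last used byte */

static void model_load(const char *s)   /* caller keeps strlen(s) <= BUF_MAX */
{
    size_t n = strlen(s);
    memcpy(text, s, n);
    end = text + n;
}

/* Open a one-byte hole at p and store c. Returns NULL when the buffer is full. */
static char *model_insert(char *p, char c)
{
    if (end - text >= BUF_MAX) return NULL;
    memmove(p + 1, p, (size_t)(end - p));
    *p = c;
    end++;
    return p + 1;
}

/* Start of the line before the one containing p; p must be a valid pointer. */
static char *model_prev_line(char *p)
{
    while (p > text && p[-1] != '\n') p--;   /* start of current line */
    if (p > text) p--;                        /* step back over the '\n' */
    while (p > text && p[-1] != '\n') p--;   /* start of previous line */
    return p;
}

/* Insert c; after '\n' copy the previous line's leading blanks, checking each result. */
static char *insert_autoindent(char *p, char c)
{
    p = model_insert(p, c);
    if (p == NULL || c != '\n') return p;    /* never pass NULL to model_prev_line */
    for (char *q = model_prev_line(p); isblank((unsigned char)*q); q++) {
        p = model_insert(p, *q);
        if (p == NULL) return NULL;          /* buffer filled up mid-indent */
    }
    return p;
}

int main(void)
{
    model_load("    foo");                   /* constructed sample line */
    return insert_autoindent(end, '\n') ? 0 : 1;
}
```

The guard has to sit both before the first line lookup and inside the loop, because each copied blank is another insert that can fail.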
