old vi bug still alive ...

walter harms wharms at bfs.de
Tue Nov 18 18:48:01 UTC 2008


hi list,
I was trying the latest vi and found that the old bug I found this summer is still alive.

how to reproduce
*compile vi with ENABLE_FEATURE_VI_SETOPTS
*start vi
*choose insert mode
*type <tab><anychar><CR>
use copy & paste to repeat that often
vi will indent the line to the right.
after some time vi crashes on this line:

 	for (; isblank(*q); q++) {

q is the start of the previous line
	q = prev_line(p);

but the results in the debugger are confusing
(gdb)  p p
$37 = 0xb7cc8805 "\t\n"
(gdb)  p prev_line(p)
$38 = 0xb7cc7dcf ' ' <repeats 200 times>...
(gdb) p q
$39 = 0x81afa14 <Address 0x81afa14 out of bounds>

I added a printf to see what happens to the pointer.
here are the results of the last round:

size=234275     (size of buffer)
start=0x8176770 (start of buffer )
end=0x81afa92   (end of buffer)
p=0x81afa90     (current pos)
q=0x81af537     (begin last line)
e=0x81afa8f     (end last line)

please note that this p has nothing in common with the p when the crash happens.
it looks like the buffer has been moved to another location.

I have no idea how to make sense of this.
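The failure mode the report points at (a char* into the text buffer that goes stale once the buffer is reallocated and moved) as an added C model; this is not busybox's vi code, and buf_t, buf_insert, line_start, leading_blanks, newline_autoindent and repro are assumed names. It keeps line positions as offsets rather than pointers and copies the previous line's indent out before the insert that may move the buffer, which is the mitigation for exactly this class of crash.

```c
#include <stdlib.h>
#include <string.h>
/* Tiny model of an editor text buffer that grows with realloc(). */
typedef struct { char *text; size_t len, cap; } buf_t;
/* Insert n bytes of s at offset at. Growth may MOVE b->text, so any char*
 * the caller computed into the buffer before this call is now stale. */
static int buf_insert(buf_t *b, size_t at, const char *s, size_t n) {
    if (b->len + n > b->cap) {
        char *t = realloc(b->text, b->cap * 2 + n);  /* old block freed on success */
        if (!t) return 0;
        b->text = t;
        b->cap = b->cap * 2 + n;
    }
    memmove(b->text + at + n, b->text + at, b->len - at);
    memcpy(b->text + at, s, n);
    b->len += n;
    return 1;
}
/* Offset (not pointer) of the start of the line containing pos. */
static size_t line_start(const buf_t *b, size_t pos) {
    while (pos > 0 && b->text[pos - 1] != '\n') pos--;
    return pos;
}
/* Count of leading blanks (space or tab) on the line starting at off. */
static size_t leading_blanks(const buf_t *b, size_t off) {
    size_t n = 0;
    while (off + n < b->len && (b->text[off + n] == ' ' || b->text[off + n] == '\t')) n++;
    return n;
}
/* <CR> with autoindent: copy the ended line's indent onto the new line. The indent
 * is copied to a temporary BEFORE the insert that may move the buffer; handing
 * b->text + prev straight to buf_insert would read freed memory after a move. */
static int newline_autoindent(buf_t *b, size_t *cursor) {
    size_t prev = line_start(b, *cursor), n = leading_blanks(b, prev);
    char indent[256];
    if (n > sizeof indent) n = sizeof indent;
    memcpy(indent, b->text + prev, n);
    if (!buf_insert(b, (*cursor)++, "\n", 1)) return 0;
    if (!buf_insert(b, *cursor, indent, n)) return 0;
    *cursor += n;
    return 1;
}
/* The report's reproduction: type <tab>x<CR> rounds times into an empty buffer. */
static size_t repro(buf_t *b, int rounds) {
    size_t cur = 0;
    b->cap = 8; b->len = 0; b->text = malloc(b->cap);
    for (int i = 0; i < rounds && b->text; i++) {
        buf_insert(b, cur++, "\t", 1); buf_insert(b, cur++, "x", 1);
        newline_autoindent(b, &cur);
    }
    return b->len;
}
```

Each round adds one more tab of indentation than the last, so the buffer grows quadratically and crosses several realloc boundaries within a few dozen rounds; a pointer cached across any of those inserts is the kind of out-of-bounds q seen in the gdb session.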

More information about the busybox mailing list