old vi bug still alive ...
walter harms
wharms at bfs.de
Tue Nov 18 18:48:01 UTC 2008
hi list,
I was trying the latest vi and found that the old bug I found this summer is still alive.
how to reproduce
*compile vi with ENABLE_FEATURE_VI_SETOPTS
*start vi
*choose insert mode
*type <tab><anychar><CR>
use clip&paste to repeat that often
vi will indent the line to the right.
after some time vi crashes in this line
for (; isblank(*q); q++) {
q is the start of the previous line
q = prev_line(p);
but the results in the debugger are confusing
(gdb) p p
$37 = 0xb7cc8805 "\t\n"
(gdb) p prev_line(p)
$38 = 0xb7cc7dcf ' ' <repeats 200 times>...
(gdb) p q
$39 = 0x81afa14 <Address 0x81afa14 out of bounds>
i added a printf to see what happens to the pointer.
here the results of the last round:
size=234275 (size of buffer)
start=0x8176770 (start of buffer )
end=0x81afa92 (end of buffer)
p=0x81afa90 (current pos)
q=0x81af537 (begin last line)
e=0x81afa8f (end last line)
Please note that this p has nothing in common with p when the crash happens.
It looks like the buffer has been moved to another location.
i have no idea how to make sense of this.
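The pattern the reporter describes (a pointer into the text buffer that is valid in one round and "out of bounds" in the next, while the buffer's start address has changed) is what happens when a char* into a growable buffer is held across a realloc. The following is an added, constructed illustration of that mechanism and of the offset-based way to avoid it; it is not BusyBox code and makes no claim about where BusyBox's own realloc happens. The struct, the function names (tb_reserve, tb_line_start, tb_append_autoindent, repro) and the "<tab>x<newline>" payload are all assumptions made for the example; the autoindent step copies the previous line's leading blanks, which is why the text marches to the right with every paste.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Constructed illustration, not BusyBox code: a growable text buffer in
 * which "autoindent" copies the previous line's leading blanks onto each
 * new line, the way a pasted <tab><char><CR> loop keeps pushing text right. */
struct textbuf {
    char  *text;   /* start of buffer; may change on every growth */
    size_t len;    /* bytes in use */
    size_t cap;    /* bytes allocated */
    int    moves;  /* how many times realloc returned a different address */
};

/* Ensure room for `extra` more bytes. realloc is free to move the block,
 * so any char* into tb->text taken before this call must be treated as
 * dead afterwards; only offsets survive a move. */
static int tb_reserve(struct textbuf *tb, size_t extra)
{
    if (tb->len + extra <= tb->cap)
        return 0;
    size_t ncap = tb->cap ? tb->cap : 16;
    while (ncap < tb->len + extra)
        ncap *= 2;
    uintptr_t old = (uintptr_t)tb->text;
    char *n = realloc(tb->text, ncap);
    if (!n)
        return -1;
    if (old != 0 && (uintptr_t)n != old)
        tb->moves++;   /* whether this happens is up to the allocator */
    tb->text = n;
    tb->cap = ncap;
    return 0;
}

/* Offset of the start of the line containing byte offset pos. Returned as
 * an offset, not a pointer, so it stays valid after tb_reserve(). */
static size_t tb_line_start(const struct textbuf *tb, size_t pos)
{
    while (pos > 0 && tb->text[pos - 1] != '\n')
        pos--;
    return pos;
}

/* Append "<tab>x\n" prefixed with a copy of the previous line's leading
 * blanks (autoindent). The previous line is located BEFORE the buffer may
 * grow, so it is kept as the offset q and the pointer is re-derived from
 * tb->text after tb_reserve(). Holding "char *q = tb->text + ..." across
 * the growth instead is exactly the stale-pointer pattern. */
static int tb_append_autoindent(struct textbuf *tb)
{
    size_t q = tb->len ? tb_line_start(tb, tb->len - 1) : 0;
    size_t blanks = 0;
    while (q + blanks < tb->len &&
           (tb->text[q + blanks] == '\t' || tb->text[q + blanks] == ' '))
        blanks++;
    if (tb_reserve(tb, blanks + 3) < 0)
        return -1;
    /* tb->text may be a new address now; q is still correct. */
    memmove(tb->text + tb->len, tb->text + q, blanks);
    tb->len += blanks;
    tb->text[tb->len++] = '\t';
    tb->text[tb->len++] = 'x';
    tb->text[tb->len++] = '\n';
    return 0;
}

/* Number of leading tabs on the last line. */
static size_t tb_last_line_indent(const struct textbuf *tb)
{
    if (tb->len == 0)
        return 0;
    size_t q = tb_line_start(tb, tb->len - 1), n = 0;
    while (q + n < tb->len && tb->text[q + n] == '\t')
        n++;
    return n;
}

/* Run the paste loop `rounds` times. Returns the indent of the last line;
 * line k ends up with k tabs, so the buffer holds rounds*(rounds+1)/2 +
 * 2*rounds bytes. Reports total length and realloc moves through out-params. */
static size_t repro(int rounds, size_t *out_len, int *out_moves)
{
    struct textbuf tb = {0};
    for (int i = 0; i < rounds; i++) {
        if (tb_append_autoindent(&tb) < 0) {
            free(tb.text);
            return (size_t)-1;
        }
    }
    size_t ind = tb_last_line_indent(&tb);
    if (out_len)   *out_len = tb.len;
    if (out_moves) *out_moves = tb.moves;
    free(tb.text);
    return ind;
}

int main(void)
{
    size_t len;
    int moves;
    size_t ind = repro(1000, &len, &moves);
    printf("last line indent=%zu bytes=%zu buffer moved %d times\n", ind, len, moves);
    return 0;
}
```

The moves counter is reported but never relied on: whether realloc extends in place or hands back a new block depends on the allocator and on the surrounding heap, which is why a bug of this kind can survive several rounds and then fail on one. Under a debugger the telltale is what the reporter saw: the stored line pointer (q) stays at the old address while the buffer start (p, start, end) has moved elsewhere.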