[Bug 267537] contrib/nvi: Fix core dump when tags file pattern has a trailing '\'
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 267537] contrib/nvi: Fix core dump when tags file pattern has a trailing '\'"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 267537] contrib/nvi: Fix core dump when tags file pattern has a trailing '\'"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 267537] contrib/nvi: Fix core dump when tags file pattern has a trailing '\'"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 267537] contrib/nvi: Fix core dump when tags file pattern has a trailing '\'"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 03 Nov 2022 06:28:31 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267537
Bug ID: 267537
Summary: contrib/nvi: Fix core dump when tags file pattern has
a trailing '\'
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: bugs@FreeBSD.org
Reporter: leres@freebsd.org
If you create a tags file of a macro that ends with a '\' and tag for it, vi
dumps core. For example:
zinc 76 % cat test.h
#define LATIN2PLAIN(ch) (((u_char)ch) >= 0x80 ? \
pgm_read_byte_far(pgm_get_far_address(latin2plain) + \
(((u_char)ch) - 0x80)) : (isprint(ch) ? (ch) : '_'))
zinc 77 % ctags test.h
zinc 78 % vi -t LATIN2PLAIN
Segmentation fault
The problem is that the loop variable is unsigned (size_t) and it gets
decremented twice: 1 -> 0 -> 4294967295
Here's the pull request that solves it for the github fork that the
editors/nvi2 port uses:
https://github.com/lichray/nvi2/pull/111
--
You are receiving this mail because:
You are the assignee for the bug.