[Bug 249308] col(1) segfaults with '\v'

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=249308

--- Comment #1 from Rajeev Pillai <rajeev_v_pillai at yahoo.com> ---
col(1) segfaults with this simple test case:

$ printf 'hello\vworld\n' | col
     world
Segmentation fault
$ sudo lldb col
(lldb) target create "col"
Current executable set to 'col' (x86_64).
(lldb) run
Process 73895 launching
Process 73895 launched: '/usr/home/rvp/work/col' (x86_64)
hello^Kworld
     world
Process 73895 stopped
* thread #1, name = 'col', stop reason = signal SIGSEGV: invalid address (fault
address: 0x10)
    frame #0: 0x0000000000202f4d col`flush_lines(nflush=58) at col.c:371:14
   368  
   369          while (--nflush >= 0) {
   370                  l = lines;
-> 371                  lines = l->l_next;
   372                  if (l->l_line) {
   373                          flush_blanks();
   374                          flush_line(l);
(lldb) quit
Quitting LLDB will kill one or more processes. Do you really want to proceed:
[Y/n] y
$ uname -a
FreeBSD X202E.localdomain 12.1-RELEASE-p9 FreeBSD 12.1-RELEASE-p9 GENERIC 
amd64
$

Patch to fix this:
--- START PATCH ---
diff -urN a/col.c b/col.c
--- a/col.c     2019-11-01 00:02:51.000000000 +0000
+++ b/col.c     2020-09-14 11:34:11.054313000 +0000
@@ -366,7 +366,7 @@
 {
        LINE *l;

-       while (--nflush >= 0) {
+       while (--nflush >= 0 && lines) {
                l = lines;
                lines = l->l_next;
                if (l->l_line) {
--- END PATCH ---


-RVP

-- 
You are receiving this mail because:
You are the assignee for the bug.