Bug in less version 406.
Pieter de Goeje
pieter at degoeje.nl
Fri Aug 3 16:30:20 PDT 2007
On Friday 03 August 2007, Xin LI wrote:
> Graham Menhennitt wrote:
> > Ted Hatfield wrote:
> >> Using less -E or more to display a file that is less than a full page,
> >> while then displaying a nonexistent file causes a segmentation fault.
> >> For example on a newly built system you can
> >> less -E /etc/group bogusfile
> >> This will display the file ending with
> >> /etc/group (file 1 of 2) (END) - Next: bogusfile
> >> when you press space or return it gives
> >> Segmentation fault: 11
> > I can reproduce it using "more" but not "less -E". This is on -Current
> > as of a week or so ago. TERM=xterm.
> I can reliably reproduce this with less -E on both -CURRENT and
> -STABLE... :S I need to do an operation on my eye this weekend so I
> have to wait a couple of days until I can recover from this.
Less keeps an internal filestate associated with each opened file. However,
before opening the bogus file, it free()s the state. Less then notices that
the bogus file can't be opened, calls error(), which does some calculations
on the filestate ('thisfile' in ch.c) and crashes (use after free). I have
written a workaround (attached) that moves the error() call below the
reinitialization of the previous state.
FYI, it doesn't crash on the first file because any_display is not yet TRUE,
which causes error() to ignore the filestate.
There's also another regression in less: it doesn't automatically repaint the
screen anymore when you resize the terminal.
Pieter de Goeje
Attachment: less-406-patch.bin (775 bytes), http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070803/9157878d/less-406-patch.bin
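To make the free/open/error() sequence concrete, here is an added C model of the bug and of the reordering described in the message above; it is constructed for this page and is not code from less or from the attached patch. The names new_state, report_error and edit_file, the in-memory stand-in for opening a file, and the constructed file "group" of 800 bytes are assumptions.

```c
/* Model of the less 406 crash (constructed here, not less's own code):
   the per-file state is freed before opening the next file, and the
   error path recomputes the status line from that state. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct filestate { char name[64]; long pos, size; }; /* 'thisfile' in ch.c */

static struct filestate *thisfile;  /* current file, NULL before the first */
static int any_display;             /* set once something reached the screen */
static char last_error[128];        /* last message passed to error() */

static struct filestate *new_state(const char *name, long pos, long size)
{
    struct filestate *s = calloc(1, sizeof *s);
    if (!s) abort();
    snprintf(s->name, sizeof s->name, "%s", name);
    s->pos = pos; s->size = size;
    return s;
}

/* error(): record the message and, once any_display is set, recompute the
   status line from thisfile; returns the percentage shown, -1 if skipped. */
static long report_error(const char *msg)
{
    snprintf(last_error, sizeof last_error, "%s", msg);
    if (!any_display || thisfile == NULL) return -1;
    return thisfile->size ? thisfile->pos * 100 / thisfile->size : 100;
}

/* Switch to the next file: 0 on success, -1 if it cannot be opened. */
static int edit_file(const char *name)
{
    struct filestate saved = {{0}, 0, 0};
    int had = thisfile != NULL;
    if (had) { saved = *thisfile; free(thisfile); thisfile = NULL; }
    /* Constructed stand-in for opening: one known file, every other name fails. */
    long size = strcmp(name, "group") == 0 ? 800 : -1;
    if (size < 0) {
        /* Fixed order: rebuild the previous state BEFORE error(). less 406
           called error() first, reading the freed state (use after free). */
        if (had) thisfile = new_state(saved.name, saved.pos, saved.size);
        char msg[96]; snprintf(msg, sizeof msg, "Cannot open %s", name);
        report_error(msg);
        return -1;
    }
    thisfile = new_state(name, 0, size);
    return 0;
}
```

With the first file not yet displayed, error() skips the state entirely (the any_display case from the message); once something is on screen, the restored state is what the status computation reads.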