Bug in less version 406.

Pieter de Goeje pieter at degoeje.nl
Fri Aug 3 16:30:20 PDT 2007

On Friday 03 August 2007, Xin LI wrote:
> Graham Menhennitt wrote:
> > Ted Hatfield wrote:
> >> Using less -E or more to display a file that is less than a full page,
> >> and then displaying a nonexistent file, causes a segmentation fault.
> >>
> >> For example on a newly built system you can
> >>
> >> less -E /etc/group bogusfile
> >>
> >>
> >> This will display the file ending with
> >>
> >> /etc/group (file 1 of 2) (END) - Next: bogusfile
> >>
> >> when you press space or return it gives
> >>
> >> Segmentation fault: 11
> >
> > I can reproduce it using "more" but not "less -E". This is on -Current
> > as of a week or so ago. TERM=xterm.
> I can reliably reproduce this with less -E on both -CURRENT and
> -STABLE... :S  I need to do an operation on my eye this weekend so I
> have to wait a couple of days until I can recover from this.
Less keeps an internal filestate associated with each opened file. However, 
before opening the bogus file, it free()s the state. Less then notices that 
the bogus file can't be opened, calls error(), which does some calculations 
on the filestate ('thisfile' in ch.c) and crashes (use-after-free). I have 
written a workaround (attached) that moves the error() call below the 
reinitialization of the previous state.
FYI, it doesn't crash on the first file because any_display is not yet TRUE, 
which causes error() to ignore the filestate.

There's also another regression in less: it doesn't automatically repaint the 
screen anymore when you resize the terminal.

Pieter de Goeje
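The ordering bug Pieter describes, modelled as an added C example. This is not less' code and not the attached patch: the struct, the function names (state_release, report_error, edit_next), the list of files that "exist" and the outcome codes are all assumptions made for the demonstration. The one deliberate departure from reality is that the old filestate is poisoned and flagged rather than handed to free(), so that error() touching a stale state is detected deterministically instead of being undefined behaviour (in less 406 that access is the SIGSEGV). The same code shows the two facts from the message: the crash needs any_display to be TRUE, and reinitialising the previous file's state before calling error() avoids it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for less' per-file state ('thisfile' in ch.c). */
struct filestate {
    char name[64];
    long pos;                      /* what error() recomputes from */
};

enum outcome { OUT_OK = 0, OUT_OPEN_FAILED = 1, OUT_USE_AFTER_FREE = 2 };

static struct filestate *thisfile;     /* current state; may dangle */
static bool thisfile_released;         /* the heap's view of thisfile */
static bool any_display;               /* set once something was shown */

/* Constructed stand-in for the filesystem: only these names "open". */
static const char *const existing_files[] = { "/etc/group", "/etc/passwd" };

static bool can_open(const char *name) {
    for (size_t i = 0; i < sizeof existing_files / sizeof *existing_files; i++)
        if (strcmp(existing_files[i], name) == 0)
            return true;
    return false;
}

static struct filestate *state_new(const char *name) {
    struct filestate *s = calloc(1, sizeof *s);
    if (!s) abort();
    snprintf(s->name, sizeof s->name, "%s", name);
    thisfile_released = false;
    return s;
}

/* Real less calls free() here. We poison the block and flag it instead, so
 * a later access is reported rather than being undefined behaviour. */
static void state_release(struct filestate *s) {
    if (s) {
        memset(s, 0xA5, sizeof *s);
        thisfile_released = true;
    }
}

/* Model of error(): once any_display is TRUE it consults thisfile to redraw;
 * before that it ignores the filestate, which is why file 1 never crashes. */
static enum outcome report_error(const char *msg) {
    if (any_display) {
        if (thisfile_released)
            return OUT_USE_AFTER_FREE;  /* less 406 takes SIGSEGV here */
        thisfile->pos = 0;
    }
    fprintf(stderr, "%s\n", msg);
    return OUT_OPEN_FAILED;
}

void session_reset(void) {
    free(thisfile);                     /* poisoned or live, both are ours */
    thisfile = NULL;
    thisfile_released = false;
    any_display = false;
}

/* Ordering as described for less 406: release the old state, try the next
 * file, and call error() while thisfile still dangles. */
static enum outcome edit_next_vulnerable(const char *next) {
    state_release(thisfile);
    if (!can_open(next))
        return report_error("cannot open file");   /* thisfile is stale */
    free(thisfile);
    thisfile = state_new(next);
    any_display = true;
    return OUT_OK;
}

/* The workaround from the message: reinitialise the previous file's state
 * first so error() sees a live filestate, then report the failure. */
static enum outcome edit_next_fixed(const char *next) {
    char prev[64] = "";
    bool had_prev = thisfile != NULL;
    if (had_prev)
        snprintf(prev, sizeof prev, "%s", thisfile->name);
    state_release(thisfile);
    if (!can_open(next)) {
        free(thisfile);
        thisfile = had_prev ? state_new(prev) : NULL;
        return report_error("cannot open file");
    }
    free(thisfile);
    thisfile = state_new(next);
    any_display = true;
    return OUT_OK;
}

enum outcome edit_next(bool fixed, const char *next) {
    return fixed ? edit_next_fixed(next) : edit_next_vulnerable(next);
}

/* Name of the file less would currently be positioned in ("" if none). */
const char *current_file_name(void) {
    return (thisfile && !thisfile_released) ? thisfile->name : "";
}
```

Run `session_reset()`, then `edit_next(false, "/etc/group")` followed by `edit_next(false, "bogusfile")` to reproduce the `less -E /etc/group bogusfile` sequence; the same two calls with `fixed` set to true return a plain open failure and leave the session positioned in /etc/group, and starting the session with the bogus name never trips the stale access because any_display is still false.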
-------------- next part --------------
A non-text attachment was scrubbed...
Name: less-406-patch
Type: text/x-diff
Size: 775 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070803/9157878d/less-406-patch.bin
