Bug 12550

Summary: bc overflow
Product: Base System
Reporter: Vladimir Tchoukharev <chu>
Component: gnu
Assignee: Nick Hibma <n_hibma>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 3.2-STABLE   
Hardware: Any   
OS: Any   

Description Vladimir Tchoukharev 1999-07-07 17:40:01 UTC
bc (bc(1) - An arbitrary precision calculator language) dumps core 
on long line input (127 chars or more). The input doesn't matter.

Fix: 

Regrettably, I didn't find one (yet).
How-To-Repeat: 
$ bc -l
bc 1.04

Copyright (C) 1991, 1992, 1993, 1994, 1997 Free Software Foundation, Inc.
This is free software with ABSOLUTELY NO WARRANTY.
For details type `warranty'. 
1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567
Segmentation fault (core dumped)

$ cd /src/gnu/usr.bin/bc
$ file bc
bc: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked, not stripped
$ gdb bc ~/bc.core 
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
(no debugging symbols found)...
Core was generated by `bc'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libreadline.so.3...
(no debugging symbols found)...done.
Reading symbols from /usr/lib/libtermcap.so.2...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/libc.so.3...(no debugging symbols found)...done.
Reading symbols from /usr/libexec/ld-elf.so.1...(no debugging symbols found)...
done.
#0  0x280e6378 in strncpy () from /usr/lib/libc.so.3
(gdb) bt
#0  0x280e6378 in strncpy () from /usr/lib/libc.so.3
#1  0x804be82 in rl_input ()
#2  0x804c7e8 in yy_get_next_buffer ()
#3  0x804c5b5 in yylex ()
#4  0x8048dd1 in yyparse ()
#5  0x804bbff in main ()
#6  0x8048bbd in _start ()
(gdb) q
Comment 1 nick.hibma 1999-07-08 18:27:19 UTC
This problem is reproducible on CURRENT from last week.

Nick
-- 
ISIS/STA, T.P.270, Joint Research Centre, 21020 Ispra, Italy
Comment 2 nick.hibma 1999-07-24 19:22:15 UTC
Could you try the following patch?

--- /usr/src/contrib/bc/bc/scan.l.orig  Sat Jul 24 20:19:04 1999
+++ /usr/src/contrib/bc/bc/scan.l       Sat Jul 24 20:17:02 1999
@@ -60,7 +60,7 @@
 /* Variables to help interface readline with bc. */
 static char *rl_line = (char *)NULL;
 static char *rl_start = (char *)NULL;
-static char rl_len = 0;
+static int  rl_len = 0;
 
 /* Definitions for readline access. */
 extern FILE *rl_instream;
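Review bot: Widening rl_len from `char` to `int` is the right fix for the crash at 127 or more input characters: on i386 `char` is signed, so a recorded length of 128 bytes (127 characters plus the line terminator) wraps to -128, which fits the reported backtrace dying in strncpy() called from rl_input(). Since rl_len is a byte count that can never legitimately be negative, `size_t` (or at least `unsigned`) would state that more plainly and matches the type strncpy() takes; and the arithmetic in rl_input() that sets and consumes rl_len, which is not in this hunk, is worth one read to confirm no other narrow integer sits on the same path.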

And let me know whether that works for you.

For the record, this patch has also been sent off to
Philip A. Nelson <phil@cs.wwu.edu>, the maintainer of bc.

Cheers,

Nick
-- 
ISIS/STA, T.P.270, Joint Research Centre, 21020 Ispra, Italy
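As an added illustration, not bc's own code and not part of this bug report: a small C model of why a `char`-typed length counter fails at exactly 127 input characters and why the crash lands in strncpy(). The helper names and the MAX buffer size are assumptions; the counter widths (`char` before the patch, `int` after) are the ones shown in the hunk above.

```c
/*
 * Added example (not bc's code): models the counter width bug behind this
 * report.  In bc 1.04's readline glue (scan.l) the pending line length sat
 * in `static char rl_len`; on i386 `char` is signed, so the largest value
 * it can hold is 127.  Helper names and MAX are hypothetical.
 */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define MAX 8192  /* assumed size of the scanner buffer handed to rl_input() */

/* Value stored for a freshly read line: strlen + 1, the extra byte being
 * the '\n' that replaces the NUL before the scanner sees the line.
 * Pre-patch width (`char`, explicitly signed here so the result is the
 * same on every platform) and post-patch width (`int`). */
int record_len_char(const char *line)
{
    signed char rl_len = (signed char)(strlen(line) + 1);
    return rl_len;               /* 127-char line: 128 wraps to -128 */
}

int record_len_int(const char *line)
{
    int rl_len = (int)(strlen(line) + 1);
    return rl_len;               /* 127-char line: 128 */
}

/* Builds a constructed line of n identical characters and reports what
 * each counter width would record for it. */
int char_counter_for(int n)
{
    char line[256];
    memset(line, '7', (size_t)n);
    line[n] = '\0';
    return record_len_char(line);
}

int int_counter_for(int n)
{
    char line[256];
    memset(line, '7', (size_t)n);
    line[n] = '\0';
    return record_len_int(line);
}

/* A guard of the form `if (rl_len <= max)` is a signed comparison, so a
 * wrapped (negative) counter passes it instead of being rejected. */
int guard_passes(int rl_len, int max)
{
    return rl_len <= max;
}

/* The size strncpy(buf, src, rl_len) actually receives: the int converts
 * to size_t, so -128 becomes SIZE_MAX - 127 and the copy runs off the end
 * of both buffers.  Computed, not performed. */
size_t strncpy_size(int rl_len)
{
    return (size_t)rl_len;
}

/* Smallest input length that breaks the narrow counter: the first n for
 * which n + 1 no longer fits in a signed char. */
int first_bad_length(void)
{
    for (int n = 1; n < 255; n++)
        if (char_counter_for(n) < 0)
            return n;
    return -1;
}

int main(void)
{
    int bad = char_counter_for(127), good = int_counter_for(127);
    printf("127-char line: char counter = %d, int counter = %d\n", bad, good);
    printf("signed guard passes with wrapped counter: %d\n", guard_passes(bad, MAX));
    printf("strncpy() would be asked for %zu bytes\n", strncpy_size(bad));
    printf("first input length that wraps the counter: %d\n", first_bad_length());
    return 0;
}
```

The threshold of 127 rather than 128 falls out of the `+ 1` for the newline: 126 characters still record as 127, the last value a signed char can hold, and the next character pushes the count to 128. Once the counter is negative the signed bounds check no longer helps, which is why the fix has to be the counter's type and not an extra comparison.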
Comment 3 Nick Hibma freebsd_committer freebsd_triage 1999-07-24 19:26:23 UTC
State Changed
From-To: open->feedback

Bug fix posted, maybe he is willing to try it. 


Comment 4 Nick Hibma freebsd_committer freebsd_triage 1999-07-24 19:26:23 UTC
Responsible Changed
From-To: freebsd-bugs->n_hibma

Remind me to apply the patch and close it. 

Comment 5 Nick Hibma freebsd_committer freebsd_triage 1999-07-28 19:00:23 UTC
State Changed
From-To: feedback->closed

Committed. Thanks!