Bug 267537

Summary: contrib/nvi: Fix core dump when tags file pattern has a trailing '\'
Product: Base System
Reporter: Craig Leres <leres>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: New
Severity: Affects Only Me
CC: bapt, emaste
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any
Attachments: patch (flags: none)

Description Craig Leres freebsd_committer freebsd_triage 2022-11-03 06:28:31 UTC
If you create a tags file of a macro that ends with a '\' and tag for it, vi dumps core. For example:

    zinc 76 % cat test.h
    #define LATIN2PLAIN(ch) (((u_char)ch) >= 0x80 ? \
       pgm_read_byte_far(pgm_get_far_address(latin2plain) + \
       (((u_char)ch) - 0x80)) : (isprint(ch) ? (ch) : '_'))
    zinc 77 % ctags test.h
    zinc 78 % vi -t LATIN2PLAIN
    Segmentation fault

The problem is that the loop variable is unsigned (size_t) and it gets decremented twice: 1 -> 0 -> 4294967295

Here's the pull request that solves it for the github fork that the editors/nvi2 port uses:

    https://github.com/lichray/nvi2/pull/111
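
The failure mode described in the report, as an added example that is not part of the original report and is not nvi's code: a constructed loop that decrements an unsigned counter twice per escape, next to one way to harden it. The function names and the sample pattern are hypothetical, and the flawed variant carries a guard so the demonstration reports the wrapped counter instead of reading past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the flawed loop shape; not nvi's source.
 * Drops the '\' of each "\x" pair; *remaining gets the final counter. */
size_t unescape_flawed(const char *src, size_t len, char *dst, size_t *remaining)
{
    const char *end = src + len;
    size_t n = 0;
    for (; len > 0; --len) {
        if (*src == '\\') {
            ++src;
            --len;          /* first decrement: 1 -> 0 on a trailing '\' */
        }
        if (src == end) {   /* demo guard standing in for the stray read */
            --len;          /* the loop step would run next: 0 -> SIZE_MAX */
            break;
        }
        dst[n++] = *src++;
    }
    *remaining = len;
    return n;
}

/* Hardened shape: treat '\' as an escape only when a byte follows it. */
size_t unescape_checked(const char *src, size_t len, char *dst)
{
    size_t n = 0;
    while (len > 0) {
        if (*src == '\\' && len > 1) {
            ++src;
            --len;
        }
        dst[n++] = *src++;
        --len;
    }
    return n;
}

int main(void)
{
    const char pat[] = "a\\.b\\";   /* constructed pattern: a \ . b \ */
    char out[16];
    size_t rem, n = unescape_flawed(pat, 5, out, &rem);
    printf("flawed:  copied=%zu remaining=%zu\n", n, rem);
    printf("checked: copied=%zu\n", unescape_checked(pat, 5, out));
}
```
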
Comment 1 Craig Leres freebsd_committer freebsd_triage 2022-11-03 06:29:09 UTC
Created attachment 237834
patch