Bug 249308 - col(1) segfaults with '\v'
Summary: col(1) segfaults with '\v'
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 12.1-RELEASE
Hardware: Any Any
: --- Affects Many People
Assignee: Mark Johnston
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-14 12:26 UTC by Rajeev Pillai
Modified: 2020-10-30 14:52 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rajeev Pillai 2020-09-14 12:26:18 UTC

    
Comment 1 Rajeev Pillai 2020-09-14 12:37:26 UTC
col(1) segfaults with this simple test case:

$ printf 'hello\vworld\n' | col
     world
Segmentation fault
$ sudo lldb col
(lldb) target create "col"
Current executable set to 'col' (x86_64).
(lldb) run
Process 73895 launching
Process 73895 launched: '/usr/home/rvp/work/col' (x86_64)
hello^Kworld
     world
Process 73895 stopped
* thread #1, name = 'col', stop reason = signal SIGSEGV: invalid address (fault address: 0x10)
    frame #0: 0x0000000000202f4d col`flush_lines(nflush=58) at col.c:371:14
   368  
   369          while (--nflush >= 0) {
   370                  l = lines;
-> 371                  lines = l->l_next;
   372                  if (l->l_line) {
   373                          flush_blanks();
   374                          flush_line(l);
(lldb) quit
Quitting LLDB will kill one or more processes. Do you really want to proceed: [Y/n] y
$ uname -a
FreeBSD X202E.localdomain 12.1-RELEASE-p9 FreeBSD 12.1-RELEASE-p9 GENERIC  amd64
$

Patch to fix this:
--- START PATCH ---
diff -urN a/col.c b/col.c
--- a/col.c     2019-11-01 00:02:51.000000000 +0000
+++ b/col.c     2020-09-14 11:34:11.054313000 +0000
@@ -366,7 +366,7 @@
 {
        LINE *l;
 
-       while (--nflush >= 0) {
+       while (--nflush >= 0 && lines) {
                l = lines;
                lines = l->l_next;
                if (l->l_line) {
--- END PATCH ---


-RVP
Comment 2 Rajeev Pillai 2020-09-28 10:28:33 UTC
Hopefully, this bug will be fixed before FreeBSD 12.2 is released.
Comment 3 Ed Maste freebsd_committer 2020-10-05 21:51:37 UTC
https://reviews.freebsd.org/D26536
Comment 4 commit-hook freebsd_committer 2020-10-09 15:28:06 UTC
A commit references this bug:

Author: markj
Date: Fri Oct  9 15:27:39 UTC 2020
New revision: 366577
URL: https://svnweb.freebsd.org/changeset/base/366577

Log:
  col(1): Fix a couple of bugs

  - When flushing extra lines after all input has been processed, make
    sure that local state is reinitialized correctly.
  - When -f is specified, make sure to end output with a full newline.
  - Fix some style issues and update comments.
  - Add some regression tests.

  PR:		249308
  Submitted by:	Yang Zhong <yzhong@freebsdfoundation.org>
  MFC after:	3 weeks
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:  https://reviews.freebsd.org/D26536

Changes:
  head/usr.bin/col/col.c
  head/usr.bin/col/tests/Makefile
  head/usr.bin/col/tests/col_test.sh
  head/usr.bin/col/tests/hlf.in
  head/usr.bin/col/tests/hlf2.in
  head/usr.bin/col/tests/nl.in
  head/usr.bin/col/tests/nl2.in
  head/usr.bin/col/tests/nl3.in
  head/usr.bin/col/tests/rlf3.in
Comment 5 Rajeev Pillai 2020-10-10 05:59:06 UTC
Patch works fine for me. This bug can be marked as closed.
Comment 6 commit-hook freebsd_committer 2020-10-30 14:41:57 UTC
A commit references this bug:

Author: markj
Date: Fri Oct 30 14:41:21 UTC 2020
New revision: 367171
URL: https://svnweb.freebsd.org/changeset/base/367171

Log:
  MFC r366577:
  col(1): Fix a couple of bugs

  PR:	249308

Changes:
_U  stable/12/
  stable/12/usr.bin/col/col.c
  stable/12/usr.bin/col/tests/Makefile
  stable/12/usr.bin/col/tests/col_test.sh
  stable/12/usr.bin/col/tests/hlf.in
  stable/12/usr.bin/col/tests/hlf2.in
  stable/12/usr.bin/col/tests/nl.in
  stable/12/usr.bin/col/tests/nl2.in
  stable/12/usr.bin/col/tests/nl3.in
  stable/12/usr.bin/col/tests/rlf3.in
Comment 7 Mark Johnston freebsd_committer 2020-10-30 14:52:26 UTC
(In reply to Rajeev Pillai from comment #2)
Sorry, this didn't make it in time for 12.2, but the change is now in stable/12.