Bug 249308 - col(1) segfaults with '\v'
Summary: col(1) segfaults with '\v'
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 12.1-RELEASE
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-14 12:26 UTC by Rajeev Pillai
Modified: 2020-09-14 15:56 UTC

See Also:


Description Rajeev Pillai 2020-09-14 12:26:18 UTC

    
Comment 1 Rajeev Pillai 2020-09-14 12:37:26 UTC
col(1) segfaults with this simple test case:

$ printf 'hello\vworld\n' | col
     world
Segmentation fault
$ sudo lldb col
(lldb) target create "col"
Current executable set to 'col' (x86_64).
(lldb) run
Process 73895 launching
Process 73895 launched: '/usr/home/rvp/work/col' (x86_64)
hello^Kworld
     world
Process 73895 stopped
* thread #1, name = 'col', stop reason = signal SIGSEGV: invalid address (fault address: 0x10)
    frame #0: 0x0000000000202f4d col`flush_lines(nflush=58) at col.c:371:14
   368  
   369          while (--nflush >= 0) {
   370                  l = lines;
-> 371                  lines = l->l_next;
   372                  if (l->l_line) {
   373                          flush_blanks();
   374                          flush_line(l);
(lldb) quit
Quitting LLDB will kill one or more processes. Do you really want to proceed: [Y/n] y
$ uname -a
FreeBSD X202E.localdomain 12.1-RELEASE-p9 FreeBSD 12.1-RELEASE-p9 GENERIC  amd64
$

Patch to fix this:
--- START PATCH ---
diff -urN a/col.c b/col.c
--- a/col.c     2019-11-01 00:02:51.000000000 +0000
+++ b/col.c     2020-09-14 11:34:11.054313000 +0000
@@ -366,7 +366,7 @@
 {
        LINE *l;
 
-       while (--nflush >= 0) {
+       while (--nflush >= 0 && lines) {
                l = lines;
                lines = l->l_next;
                if (l->l_line) {
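Review bot: the added `&& lines` test stops the walk at the end of the list, but the backtrace shows flush_lines() entered with nflush=58 for a two-row input, so the over-count is produced by the caller and this guard only masks it; it is worth locating where the '\v' input drives that count past the number of buffered lines and correcting it there too, with this check kept as a backstop. Two smaller points: style(9) prefers an explicit pointer comparison, `while (--nflush >= 0 && lines != NULL) {`, and the patch carries neither a commit message nor a regression test for `printf 'hello\vworld\n' | col`.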
--- END PATCH ---


-RVP
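The following is an added example, not code from col.c or the FreeBSD project: a minimal model of the linked list that col(1)'s flush_lines() walks, built to show why lldb reported fault address 0x10 (the offset of l_next inside a NULL LINE on LP64) and how bounding the walk by the list end, as the patch above does, stops the walk short of that dereference. The LINE layout, the helper names, the two buffered rows and the flush count of 58 are assumptions taken from the report for the demonstration; the unpatched loop is modelled by returning -1 at the point where the real binary faults.

```c
/* Added example, not col.c: model of the LINE list walked by flush_lines(). */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for col.c's LINE (assumed layout). With two 8-byte members
 * ahead of it, l_next sits at offset 16 == 0x10 on LP64, so reading
 * l->l_next through a NULL l touches address 0x10, the reported fault. */
typedef struct line {
    char *l_line;            /* row text */
    size_t l_len;
    struct line *l_next;
} LINE;

static LINE *lines;          /* head of the buffered-row list, as in col.c */
static int rows_flushed;     /* rows handed to the stand-in flush_line() */

static void
flush_line(LINE *l)
{
    rows_flushed++;
    free(l->l_line);
    free(l);
}

/* Append one row at the tail, the way col buffers output rows. */
static void
push_line(const char *text)
{
    LINE *l = calloc(1, sizeof(*l)), **pp = &lines;
    size_t len = strlen(text);

    if (l == NULL || (l->l_line = malloc(len + 1)) == NULL)
        abort();
    memcpy(l->l_line, text, len + 1);
    l->l_len = len;
    while (*pp != NULL)
        pp = &(*pp)->l_next;
    *pp = l;
}

static void
reset_rows(void)
{
    while (lines != NULL) {
        LINE *l = lines;
        lines = l->l_next;
        free(l->l_line);
        free(l);
    }
    rows_flushed = 0;
}

/* Shape of the unpatched loop: nflush is trusted. Once the list is
 * exhausted l is NULL and the real code faults reading l->l_next;
 * here that point is reported as -1 instead of taken. */
static int
flush_lines_unchecked(int nflush)
{
    LINE *l;

    while (--nflush >= 0) {
        l = lines;
        if (l == NULL)
            return (-1);     /* col(1): SIGSEGV at "lines = l->l_next" */
        lines = l->l_next;
        flush_line(l);
    }
    return (0);
}

/* Shape of the patched loop: the list end bounds the walk whatever
 * nflush says. Returns the number of rows actually flushed. */
static int
flush_lines_checked(int nflush)
{
    LINE *l;
    int n = 0;

    while (--nflush >= 0 && lines != NULL) {
        l = lines;
        lines = l->l_next;
        flush_line(l);
        n++;
    }
    return (n);
}

/* Constructed scenario from the report: two buffered rows and a flush
 * request for 58, the nflush value shown in the backtrace. */
static int
scenario(int (*flush)(int))
{
    reset_rows();
    push_line("hello");
    push_line("     world");
    return (flush(58));
}

int
main(void)
{
    printf("offsetof(LINE, l_next) = %#zx\n", offsetof(LINE, l_next));
    printf("unchecked: %d (-1 marks the NULL dereference)\n",
        scenario(flush_lines_unchecked));
    printf("checked: %d rows flushed, list empty: %d\n",
        scenario(flush_lines_checked), lines == NULL);
    return (0);
}
```

The offset printed by main() is the quickest sanity check when reading a SIGSEGV with a small fault address: an address equal to a struct member offset almost always means a NULL base pointer rather than a wild one, which is what the `lines` guard in the patch is protecting against.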