267537 – contrib/nvi: Fix core dump when tags file pattern has a trailing '\'

Bug 267537 - contrib/nvi: Fix core dump when tags file pattern has a trailing '\'

Summary: contrib/nvi: Fix core dump when tags file pattern has a trailing '\'

Status:	Closed Overcome By Events

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-11-03 06:28 UTC by Craig Leres
Modified:	2025-01-14 18:50 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
patch (416 bytes, patch) 2022-11-03 06:29 UTC, Craig Leres	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Craig Leres freebsd_committer

2022-11-03 06:28:31 UTC

If you create a tags file of a macro that ends with a '\' and tag for it, vi dumps core. For example:

    zinc 76 % cat test.h
    #define LATIN2PLAIN(ch) (((u_char)ch) >= 0x80 ? \
       pgm_read_byte_far(pgm_get_far_address(latin2plain) + \
       (((u_char)ch) - 0x80)) : (isprint(ch) ? (ch) : '_'))
    zinc 77 % ctags test.h
    zinc 78 % vi -t LATIN2PLAIN
    Segmentation fault

The problem is that the loop variable is unsigned (size_t) and it gets decremented twice: 1 -> 0 -> 4294967295

Here's the pull request that solves it for the github fork that the editors/nvi2 port uses:

    https://github.com/lichray/nvi2/pull/111

Comment 1 Craig Leres freebsd_committer

2022-11-03 06:29:09 UTC

Created attachment 237834 [details]
patch

Comment 2 Craig Leres freebsd_committer

2025-01-14 18:50:01 UTC

This fix was picked up via:

    commit 0fcececbac9880b092aeb56a41a16f1ec8ac1ae6
    Merge: 87534f95dd2e 16c0a3151e5f
    Author: Baptiste Daroussin <bapt@FreeBSD.org>
    Date:   Wed Sep 27 18:01:58 2023 +0200
 
        nvi: import version 2.2.1