From owner-freebsd-bugs Mon Apr 14 14:00:03 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA13955 for bugs-outgoing; Mon, 14 Apr 1997 14:00:03 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA13942; Mon, 14 Apr 1997 14:00:01 -0700 (PDT) Date: Mon, 14 Apr 1997 14:00:01 -0700 (PDT) Message-Id: <199704142100.OAA13942@freefall.freebsd.org> To: freebsd-bugs Cc: From: Bill Fenner Subject: Re: bin/3170: vi freaks and dump core if user doesn't exist Reply-To: Bill Fenner Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk The following reply was made to PR bin/3170; it has been noted by GNATS. From: Bill Fenner To: freebsd-gnats-submit@freebsd.org, fenner@parc.xerox.com, bostic@bostic.com Cc: Subject: Re: bin/3170: vi freaks and dump core if user doesn't exist Date: Mon, 14 Apr 1997 13:48:08 PDT > How-To-Repeat > > I don't know if it's as simple as running yp, then killing ypbind > and editing a file. I doubt it. Surprise, surprise surprise. It is sufficient. Now I'm ashamed that I'm so lazy that I didn't try it until today =) The full how-to-repeat is: - Create a file owned by user foo - Remove user foo, either by having foo be in NIS and killing ypbind, or by editing the password file. - Edit the file owned by user foo - Move down a couple of lines (the dump sometimes doesn't happen if you don't do this) - Modify the file vi will die when it tries to warn you about the fact that the user doesn't exist so recovery won't work. I think the core dump is because we overran the stack. vs_paint() appears to be involved in infinite recursion (which explains the delay before the core). There are 74,879 instances of vs_paint() in the traceback; the rest is: #74879 0x3b9b7 in vs_paint (sp=0x4a000, flags=3) at /usr/src/usr.bin/vi/../../contrib/nvi/vi/vs_refresh.c:696 #74880 0x3acb8 in vs_refresh (sp=0x4a000, forcepaint=1) at /usr/src/usr.bin/vi/../../contrib/nvi/vi/vs_refresh.c:119 #74881 0x3206f in v_txt (sp=0x4a000, vp=0xefbfdb04, tm=0x0, lp=0x603d1 "", len=0, prompt=0, ai_line=3, rcount=1, flags=75793417) at /usr/src/usr.bin/vi/../../contrib/nvi/vi/v_txt.c:475 #74882 0x2e156 in io (sp=0x4a000, vp=0xefbfdb04, cmd=o_cmd) at /usr/src/usr.bin/vi/../../contrib/nvi/vi/v_itxt.c:248 #74883 0x2e018 in v_io (sp=0x4a000, vp=0xefbfdb04) at /usr/src/usr.bin/vi/../../contrib/nvi/vi/v_itxt.c:204 #74884 0x373ee in vi (spp=0xefbfdbe4) at /usr/src/usr.bin/vi/../../contrib/nvi/vi/vi.c:235 #74885 0xbbbe in editor (gp=0x48000, argc=2, argv=0xefbfdd5c) at /usr/src/usr.bin/vi/../../contrib/nvi/common/main.c:419 #74886 0x2544 in main (argc=2, argv=0xefbfdd58) at /usr/src/usr.bin/vi/../../contrib/nvi/cl/cl_main.c:148 vi does manage to display the +=+=+=+=+=+=+=+ Information on user id 5275 not found. Modifications not recoverable if the session fails messages, but does not get to the point of "press enter to continue". I think that vi is trying to display the rest of the text here, but I don't know enough of its architecture to grok what is really happening. Bill