Date: Sat, 4 Aug 2007 01:29:57 +0200 From: Pieter de Goeje <pieter@degoeje.nl> To: freebsd-stable@freebsd.org Cc: Xin LI <delphij@delphij.net>, Ted Hatfield <ted@pat.io.com> Subject: Re: Bug in less version 406. Message-ID: <200708040129.58761.pieter@degoeje.nl> In-Reply-To: <46B34DEC.10902@delphij.net> References: <20070802114827.U26646@pat.io.com> <46B25263.6070503@menhennitt.com.au> <46B34DEC.10902@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Boundary-00=_2p7sG0h3guaBUW5
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
On Friday 03 August 2007, Xin LI wrote:
> Graham Menhennitt wrote:
> > Ted Hatfield wrote:
> >> Using less -E or more to display a file that is less than a full page,
> >> while then displaying a nonexistent file causes a segmentation fault.
> >>
> >> For example on a newly built system you can
> >>
> >> less -E /etc/group bogusfile
> >>
> >>
> >> This will display the file ending with
> >>
> >> /etc/group (file 1 of 2) (END) - Next: bogusfile
> >>
> >> when you press space or return it gives
> >>
> >> Segmentation fault: 11
> >
> > I can reproduce it using "more" but not "less -E". This is on -Current
> > as of a week or so ago. TERM=xterm.
>
> I can reliably reproduce this with less -E on both -CURRENT and
> -STABLE... :S I need to do an operation on my eye this weekend so I
> have to wait a couple of days until I can recover from this.
Less keeps an internal filestate associated with each opened file. However
before opening the bogus file, it free()s the state. Less then notices that
the bogus file can't be opened, calls error(), which does some calculations
on the filestate ('thisfile' in ch.c) and crashes (Use after free). I have
written a workaround (attached) that moves the error() call below the
reinitialization of the previous state.
FYI it doesn't crash on the first file because any_display is not yet TRUE,
which causes error() to ignore the filestate.
There's also another regression in less: it doesn't automatically repaint the
screen anymore when you resize the terminal.
Regards,
Pieter de Goeje
--Boundary-00=_2p7sG0h3guaBUW5
Content-Type: text/x-diff;
charset="iso-8859-1";
name="less-406-patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="less-406-patch"
--- contrib/less/edit.c.orig 2007-07-03 15:02:06.000000000 +0200
+++ contrib/less/edit.c 2007-08-04 01:03:43.000000000 +0200
@@ -308,8 +308,6 @@
/*
* It looks like a bad file. Don't try to open it.
*/
- error("%s", &parg);
- free(parg.p_string);
err1:
if (alt_filename != NULL)
{
@@ -331,6 +329,13 @@
quit(QUIT_ERROR);
}
reedit_ifile(was_curr_ifile);
+
+ /*
+ * Cannot print the error if filestate isn't initialized.
+ */
+ error("%s", &parg);
+ free(parg.p_string);
+
return (1);
} else if ((f = open(qopen_filename, OPEN_READ)) < 0)
{
@@ -338,8 +343,6 @@
* Got an error trying to open it.
*/
parg.p_string = errno_message(filename);
- error("%s", &parg);
- free(parg.p_string);
goto err1;
} else
{
--Boundary-00=_2p7sG0h3guaBUW5--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200708040129.58761.pieter>