mg(1) segfaults on scroll-down

mg(1) segfaults on scroll-down

Kaspars Bankovskis
Hi,

to reproduce the issue:

(1) start mg and press Enter, until you fill up the screen and it goes
on to the next screen.
(2) type in at least one character
(3) press M-v (or execute command scroll-down)
(4) mg core dumps.

(gdb) bt
#0  0x000016b305e0e014 in update (modelinecolor=2) at /usr/src/usr.bin/mg/display.c:528
#1  0x000016b305e1be69 in main (argc=0, argv=0x7f7ffffd18b0) at /usr/src/usr.bin/mg/main.c:178

It seems to me this is since r1.36 of basic.c.
At least if I comment those two added lines, it doesn't crash anymore.
But of course, this is not a fix, as that commit was supposed to fix
other issues.

Index: basic.c
===================================================================
RCS file: /cvs/src/usr.bin/mg/basic.c,v
retrieving revision 1.43
diff -u -p -r1.43 basic.c
--- basic.c 16 Nov 2014 04:16:41 -0000 1.43
+++ basic.c 18 Mar 2015 11:27:35 -0000
@@ -372,8 +372,10 @@ backpage(int f, int n)
 
  /* Move the dot the slow way, for line nos */
  while (curwp->w_dotp != lp2) {
+ /*
                 if (curwp->w_dotline <= curwp->w_ntrows)
                         return (TRUE);
+ */
  curwp->w_dotp = lback(curwp->w_dotp);
  curwp->w_dotline--;
  }
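Review bot: In the while loop of backpage(), wrapping the `if (curwp->w_dotline <= curwp->w_ntrows)` / `return (TRUE);` pair in a block comment leaves dead code in the file and removes the bound on w_dotline altogether. If the check really has to go, delete the two lines instead of commenting them out. If it has to stay, the thing to look at is the early `return (TRUE)` itself, which leaves the function from the middle of the dot-moving loop and skips whatever the function does after the loop.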

Re: mg(1) segfaults on scroll-down

Florian Obser-2
Hi,

On Wed, Mar 18, 2015 at 01:35:08PM +0200, Kaspars Bankovskis wrote:

> Hi,
>
> to reproduce the issue:
>
> (1) start mg and press Enter, until you fill up the screen and it goes
> on to the next screen.
> (2) type in at least one character
> (3) press M-v (or execute command scroll-down)
> (4) mg core dumps.
>
> (gdb) bt
> #0  0x000016b305e0e014 in update (modelinecolor=2) at /usr/src/usr.bin/mg/display.c:528
> #1  0x000016b305e1be69 in main (argc=0, argv=0x7f7ffffd18b0) at /usr/src/usr.bin/mg/main.c:178
>
> It seems to me this is since r1.36 of basic.c.
> At least if I comment those two added lines, it doesn't crash anymore.
> But of course, this is not a fix, as that commit was supposed to fix
> other issues.

Thanks for tracking this down.

>
> Index: basic.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/mg/basic.c,v
> retrieving revision 1.43
> diff -u -p -r1.43 basic.c
> --- basic.c 16 Nov 2014 04:16:41 -0000 1.43
> +++ basic.c 18 Mar 2015 11:27:35 -0000
> @@ -372,8 +372,10 @@ backpage(int f, int n)
>  
>   /* Move the dot the slow way, for line nos */
>   while (curwp->w_dotp != lp2) {
> + /*
>                  if (curwp->w_dotline <= curwp->w_ntrows)
>                          return (TRUE);
> + */
>   curwp->w_dotp = lback(curwp->w_dotp);
>   curwp->w_dotline--;
>   }
>

If we exit the loop early we need to clean up after ourselves:
OK?

diff --git basic.c basic.c
index fdbb364..9607d64 100644
--- basic.c
+++ basic.c
@@ -378,10 +378,11 @@ backpage(int f, int n)
  /* Move the dot the slow way, for line nos */
  while (curwp->w_dotp != lp2) {
                 if (curwp->w_dotline <= curwp->w_ntrows)
-                        return (TRUE);
+ goto out;
  curwp->w_dotp = lback(curwp->w_dotp);
  curwp->w_dotline--;
  }
+out:
  curwp->w_doto = 0;
  return (TRUE);
 }
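Review bot: The `goto out;` inside the loop jumps to a label that sits directly after the loop's closing brace, so a plain `break;` reaches the same `curwp->w_doto = 0;` statement without adding a label. Either way, a short comment at the early exit saying that w_doto must be reset before returning would make clear why the old `return (TRUE);` was wrong and keep a later cleanup from putting it back.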


--
I'm not entirely sure you are real.