NetBSD Problem Report #53164
From www@NetBSD.org Sat Apr 7 11:56:56 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 789CA7A1B3
for <gnats-bugs@gnats.NetBSD.org>; Sat, 7 Apr 2018 11:56:56 +0000 (UTC)
Message-Id: <20180407115655.119FD7A21F@mollari.NetBSD.org>
Date: Sat, 7 Apr 2018 11:56:55 +0000 (UTC)
From: tobiasu@tmux.org
Reply-To: tobiasu@tmux.org
To: gnats-bugs@NetBSD.org
Subject: vi coredump when viewing binary file
X-Send-Pr-Version: www-1.0
>Number: 53164
>Category: bin
>Synopsis: vi coredump when viewing binary file
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: rin
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Apr 07 12:00:00 +0000 2018
>Closed-Date: Tue Jun 05 00:00:27 +0000 2018
>Last-Modified: Tue Jun 05 00:00:27 +0000 2018
>Originator: Tobias Ulmer
>Release: NetBSD 8.99.14
>Organization:
>Environment:
NetBSD phenom.tmux.org 8.99.14 NetBSD 8.99.14 (GENERIC) #0: Wed Apr 4 10:17:52 UTC 2018 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
vi is calling abort() in vs_refresh.c when viewing binary files.
I'm guessing this is due to recentish multibyte changes.
(gdb) bt
#0 0x0000747106b1d38a in _lwp_kill () from /usr/lib/libc.so.12
#1 0x0000747106b1d017 in abort () from /usr/lib/libc.so.12
#2 0x000000011d04778e in vs_paint (sp=sp@entry=0x747107522000, flags=flags@entry=3) at /usr/src/external/bsd/nvi/dist/vi/vs_refresh.c:726
#3 0x000000011d046c5a in vs_paint (sp=sp@entry=0x747107522000, flags=3) at /usr/src/external/bsd/nvi/dist/vi/vs_refresh.c:728
#4 0x000000011d047966 in vs_refresh (sp=sp@entry=0x747107522000, forcepaint=forcepaint@entry=0) at /usr/src/external/bsd/nvi/dist/vi/vs_refresh.c:99
#5 0x000000011d042e73 in vi (spp=spp@entry=0x7f7fff18b070) at /usr/src/external/bsd/nvi/dist/vi/vi.c:112
#6 0x000000011d02bc7e in editor (wp=0x747107502400, argc=<optimized out>, argv=<optimized out>) at /usr/src/external/bsd/nvi/dist/common/main.c:436
#7 0x000000011d053996 in main (argc=2, argv=0x7f7fff18b2e0) at /usr/src/external/bsd/nvi/dist/cl/cl_main.c:134
711 done_cursor:
712 /*
713 * Sanity checking. When the repainting code messes up, the usual
714 * result is we don't repaint the cursor and so sc_smap will be
715 * NULL. If we're debugging, die, otherwise restart from scratch.
716 */
717 #ifdef DEBUG
718 if (vip->sc_smap == NULL) {
719 fprintf(stderr, "smap error\n");
720 sleep(100);
721 abort();
722 }
723 #else
724 if (vip->sc_smap == NULL) {
725 if (F_ISSET(sp, SC_SCR_REFORMAT))
726 abort(); /* XXX */
727 F_SET(sp, SC_SCR_REFORMAT);
728 return (vs_paint(sp, flags));
729 }
730 #endif
Line 726 is new (rev 1.7) and not present in the latest nvi nor in Free/Open.
The new behavior contradicts the comment after done_cursor.
Playing around, there seem to be other issues as well.
The modeline cursor column (curcol) goes wildly out of range,
scrolling stops working somewhat, the screens isn't redrawn properly,
the vip pointer gets corrupted resulting in a segfault from time to time,
etc.
>How-To-Repeat:
Open /usr/bin/gdb in vi and quickly scroll around with j/k/page up/down.
I'm using urxvt over ssh.
>Fix:
>Release-Note:
>Audit-Trail:
From: Rin Okuyama <rokuyama@rk.phys.keio.ac.jp>
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc:
Subject: Re: bin/53164: vi coredump when viewing binary file
Date: Sat, 7 Apr 2018 21:39:08 +0900
On 2018/04/07 21:00, tobiasu@tmux.org wrote:
> 711 done_cursor:
> 712 /*
> 713 * Sanity checking. When the repainting code messes up, the usual
> 714 * result is we don't repaint the cursor and so sc_smap will be
> 715 * NULL. If we're debugging, die, otherwise restart from scratch.
> 716 */
...
> 724 if (vip->sc_smap == NULL) {
> 725 if (F_ISSET(sp, SC_SCR_REFORMAT))
> 726 abort(); /* XXX */
> 727 F_SET(sp, SC_SCR_REFORMAT);
> 728 return (vs_paint(sp, flags));
> 729 }
...
> Line 726 is new (rev 1.7) and not present in the latest nvi nor in Free/Open.
> The new behavior contradicts the comment after done_cursor.
Well, this does not actually contradicts to the comment. When we fails
to repaint, we try again from scratch by specifying SC_SCR_REFORMAT
flag. This flag is switched off if we succeed. Therefore, it means that
we're falling into an infinite recursion if we reach this code segment
with this flag turned on.
> Playing around, there seem to be other issues as well.
>
> The modeline cursor column (curcol) goes wildly out of range,
> scrolling stops working somewhat, the screens isn't redrawn properly,
> the vip pointer gets corrupted resulting in a segfault from time to time,
> etc.
>
> How-To-Repeat:
> Open /usr/bin/gdb in vi and quickly scroll around with j/k/page up/down.
> I'm using urxvt over ssh.
I could reproduce this problem with LC_CTYPE=ja_JP.UTF-8, whereas
I couldn't with LC_CTYPE=C. I guess that we fail to repaint screen
when we encounter some invalid byte sequence in non-ASCII encoding.
Responsible-Changed-From-To: bin-bug-people->rin
Responsible-Changed-By: rin@NetBSD.org
Responsible-Changed-When: Sat, 07 Apr 2018 12:41:55 +0000
Responsible-Changed-Why:
Take
From: "Rin Okuyama" <rin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/53164 CVS commit: src/external/bsd/nvi/dist/vi
Date: Tue, 10 Apr 2018 12:44:41 +0000
Module Name: src
Committed By: rin
Date: Tue Apr 10 12:44:41 UTC 2018
Modified Files:
src/external/bsd/nvi/dist/vi: vs_refresh.c
Log Message:
PR bin/53164: Comment why we abort here.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/external/bsd/nvi/dist/vi/vs_refresh.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Rin Okuyama <rokuyama@rk.phys.keio.ac.jp>
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc:
Subject: Re: bin/53164: vi coredump when viewing binary file
Date: Tue, 10 Apr 2018 21:54:20 +0900
Reverting changes made in Revs. 1.7 and 1.8 (except abort) does not
fix the problems. We need further investigation...
From: coypu@sdf.org
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/53164: vi coredump when viewing binary file
Date: Mon, 28 May 2018 04:24:56 +0000
I ended up reporting PR bin/53323 which is similar to this but with one
character. netbsd-8's vi doesn't crash on my case, but -current does.
From: "Rin Okuyama" <rin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/53164 CVS commit: src/external/bsd/nvi/dist
Date: Sun, 3 Jun 2018 08:08:37 +0000
Module Name: src
Committed By: rin
Date: Sun Jun 3 08:08:37 UTC 2018
Modified Files:
src/external/bsd/nvi/dist/common: conv.h
src/external/bsd/nvi/dist/vi: vs_line.c vs_relative.c
Log Message:
Make sure that every wide char occupies at least one display width:
- Replace non-printable multibyte char with ?-symbol.
- Put space before non-spacing char.
Fix problems reported in PR bin/53164 and
PR bin/53323, that are because we did not take into account non-printable
multibyte char of wctob(wc) == EOF && wcwidth(wc) == -1.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/nvi/dist/common/conv.h
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/nvi/dist/vi/vs_line.c \
src/external/bsd/nvi/dist/vi/vs_relative.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: rin@NetBSD.org
State-Changed-When: Sun, 03 Jun 2018 08:16:17 +0000
State-Changed-Why:
Now "vi /usr/bin/gdb" does not crash anymore for me.
From: Tobias Ulmer <tobiasu@tmux.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/53164 (vi coredump when viewing binary file)
Date: Tue, 5 Jun 2018 01:46:54 +0200
On Sun, Jun 03, 2018 at 08:16:17AM +0000, rin@NetBSD.org wrote:
> Synopsis: vi coredump when viewing binary file
>
> State-Changed-From-To: open->feedback
> State-Changed-By: rin@NetBSD.org
> State-Changed-When: Sun, 03 Jun 2018 08:16:17 +0000
> State-Changed-Why:
> Now "vi /usr/bin/gdb" does not crash anymore for me.
>
>
>
Can confirm this fixes the issue for me :)
State-Changed-From-To: feedback->closed
State-Changed-By: rin@NetBSD.org
State-Changed-When: Tue, 05 Jun 2018 00:00:27 +0000
State-Changed-Why:
Thank you for your quick response!
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home