Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix vi mode crashes when going back one word #246

Merged
merged 3 commits into from
Mar 30, 2021
Merged

Fix vi mode crashes when going back one word #246

merged 3 commits into from
Mar 30, 2021

Conversation

JohnoKing
Copy link

@JohnoKing JohnoKing commented Mar 30, 2021
edited
Loading

This bug was originally reported at att#1467. A crash can occur when using the b or B vi mode commands to go back one word. I was able to reproduce these crashes with 100% consistency on an OpenBSD virtual machine when ksh is compiled with -D_std_malloc. Reproducer:

$ set -o vi
$ asdf <ESC> <b or B>

The fix is based on Matthew DeVore's analysis:

I suspect this is caused by this line:
while (vi_isalph(tcur_virt) && tcur_virt >= first_virt) --tcur_virt;
which is in the b codepath. It checks vi_isalph(tcur_virt) before checking if tcur_virt is in range. These two clauses should be reversed. Note that line 316 is a similar check for pressing B, and there the tcur_virt value is checked first.

src/cmd/ksh93/edit/vi.c:

  • Check tcur_virt before using isalph() or isblank() to fix both crashes. At the start of the backword() while loop this check was performed twice, so the redundant check has been removed.

src/cmd/ksh93/tests/pty.sh:

  • Add a regression test for the b, B, w and W editor commands.

@JohnoKing
Fix vi mode crashes when going back one word
628f97a 
This bug was originally reported at <att#1467>.
A crash can occur when using the 'b' or 'B' vi mode commands to go back
one word. I was able to reproduce these crashes with 100% consistency on
an OpenBSD virtual machince when ksh is compiled with -D_std_malloc.
Reproducer:
    $ set -o vi
    $ asdf <ESC> <b or B>

The fix is based on Matthew DeVore's analysis:
> I suspect this is caused by this line:
>> while (vi_isalph(tcur_virt) && tcur_virt >= first_virt) --tcur_virt;
> which is in the b codepath. It checks vi_isalph(tcur_virt) before checking
> if tcur_virt is in range. These two clauses should be reversed. Note that
> line 316 is a similar check for pressing B, and there the tcur_virt value
> is checked first.

src/cmd/ksh93/edit/vi.c:
- Check tcur_virt before using isalph() or isblank() to fix both crashes.
  At the start of the backword() while loop this check was performed
  twice, so the redundant check has been removed.

src/cmd/ksh93/tests/pty.sh:
- Add a regression test for the b, B, w and W editor commands.
@JohnoKing
Use W, not two ws
5fc9c85
@JohnoKing
Add link to original bug report
78a01f4
@McDutchie
Copy link

Makes complete sense. Thanks for the backport.

@McDutchie McDutchie merged commit 113a939 into ksh93:master Mar 30, 2021
@JohnoKing JohnoKing deleted the fix-vi-crash branch March 30, 2021 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JohnoKing @McDutchie