Subject: bin/3489: fix for occasional vi(1) crash
To: None <gnats-bugs@gnats.netbsd.org>
From: Ross Harvey <ross@teraflop.com>
List: netbsd-bugs
Date: 04/14/1997 01:43:39
>Number: 3489
>Category: bin
>Synopsis: vi(1), fix for bad free() leading to occasional cores
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Apr 14 01:50:01 1997
>Last-Modified:
>Originator: Ross Harvey
>Organization:
Avalon Computer Systems, Inc.
>Release: bug is in vi 1.66
>Environment:
System: NetBSD epsilon.teraflop.com 1.2D NetBSD 1.2D (e) #15: Wed Apr 9 21:12:42 PDT 1997 ross@epsilon.ghs.com:/bsd/ross/e alpha
>Description:
Patch provided for bad free() involving the tags feature of
vi(1). Causes occasional cores having something to do with
switching files.
>How-To-Repeat:
It happens every couple of days for me, don't know how to
repeat. But I think my fix is right...someone else put
the same fix into some post-1.66 version.
>Fix:
Either upgrade the vi version or apply this patch...
patch -d /usr/src/usr.bin/vi/ex
--- /bsd/base-src/usr.bin/vi/ex/ex_tag.c Mon May 20 05:19:12 1996
+++ /usr/src/usr.bin/vi/ex/ex_tag.c Mon Apr 14 01:24:56 1997
@@ -798,7 +798,8 @@
CIRCLEQ_REMOVE(&tqp->tagq, tp, q);
free(tp);
}
- CIRCLEQ_REMOVE(&exp->tq, tqp, q);
+ if(tqp->q.cqe_next != NULL)
+ CIRCLEQ_REMOVE(&exp->tq, tqp, q);
free(tqp);
return (0);
}
>Audit-Trail:
>Unformatted: