Subject: bin/25295: less (v374) dumps core on alpha when searching backwards
To: None <gnats-bugs@gnats.netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 04/23/2004 17:04:55
>Number: 25295
>Category: bin
>Synopsis: less (v374) dumps core on alpha when searching backwards
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Apr 23 21:05:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Greg A. Woods
>Release: NetBSD 1.6.2_RC2 (approximately 2004/01/23)
>Organization:
Planix, Inc.; Toronto, Ontario; Canada
>Environment:
System: NetBSD 1.6.2_RC2
Architecture: alpha
Machine: alpha
>Description:
less (version 374) dumps core on alpha when searching
backwards for a non-regex string:
(gdb) where
#0 0x12000d5d4 in back_raw_line (curr_pos=4832325632, linep=0x1ffffec18)
at /proven/work/woods/m-NetBSD-1.6/usr.bin/less/less/line.c:881
#1 0x120016230 in search_range (pos=22722914, endpos=-1, search_type=514,
matches=1, maxlines=-1, plinepos=0x1ffffeca8, pendpos=0x0)
at /proven/work/woods/m-NetBSD-1.6/usr.bin/less/less/search.c:941
#2 0x1200165fc in search (search_type=514,
pattern=0x1635a3e <Address 0x1635a3e out of bounds>, n=1)
at /proven/work/woods/m-NetBSD-1.6/usr.bin/less/less/search.c:1148
#3 0x120004f70 in multi_search (pattern=0x0, n=1)
at /proven/work/woods/m-NetBSD-1.6/usr.bin/less/less/command.c:800
#4 0x120005880 in commands ()
at /proven/work/woods/m-NetBSD-1.6/usr.bin/less/less/command.c:1292
#5 0x12000eec8 in main (argc=-1, argv=0x1ffffede0)
at /proven/work/woods/m-NetBSD-1.6/usr.bin/less/less/main.c:296
(gdb) list
876 * Shift the data to the end of the new linebuf.
877 */
878 for (fm = linebuf + old_size_linebuf,
879 to = linebuf + size_linebuf;
880 fm >= linebuf; fm--, to--)
881 *to = *fm;
882 n = size_linebuf - old_size_linebuf;
883 }
884 linebuf[--n] = c;
885 }
(gdb) info locals
fm = 0x120ac7c00 ""
to = 0x120ac8000 <Address 0x120ac8000 out of bounds>
n = 0
c = 32
new_pos = 0
(gdb) print linebuf
$1 = 0x120ac7000 ' ' <repeats 200 times>...
(gdb) print old_size_linebuf
No symbol "old_size_linebuf" in current context.
(gdb) print size_linebuf
$2 = 4096
(gdb) print linebuf+size_linebuf
$3 = 0x120ac8000 <Address 0x120ac8000 out of bounds>
(gdb)
>How-To-Repeat:
try searching backwards, particularly for non-regex strings
(i.e. press <Ctrl-R> after pressing '?' and before entering
the search string) in a large file with some very long lines.
>Fix:
unknown
>Release-Note:
>Audit-Trail:
>Unformatted:
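
The following is an added example, not code from less or from the reporter. It replays the indices visited by the loop listed at line.c:878-881 and shows a bounded shift beside it; `audit_listed_loop` and `shift_to_end` are hypothetical names, and old_size_linebuf is assumed to be 3072 (fm - linebuf in the `info locals` output).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct shift_audit {
    size_t copies;      /* loop iterations (bytes copied) */
    size_t oob_writes;  /* writes at index >= new_size */
};

/* Replay the index pairs visited by the listed loop without touching
 * memory: fm starts at old_size, to at new_size, and the loop runs
 * while fm >= linebuf (index 0). */
static struct shift_audit audit_listed_loop(size_t old_size, size_t new_size)
{
    struct shift_audit a = {0, 0};
    size_t fm = old_size, to = new_size;
    for (;;) {
        a.copies++;
        if (to >= new_size)
            a.oob_writes++;   /* *to lands past the last valid byte */
        if (fm == 0)
            break;
        fm--; to--;
    }
    return a;
}

/* Bounded shift: move the old_size bytes of existing data to the end of
 * a buffer grown to new_size. Returns the index where the data now
 * starts (the value line 882 assigns to n), or (size_t)-1 on bad input. */
static size_t shift_to_end(char *buf, size_t old_size, size_t new_size)
{
    size_t gap;
    if (buf == NULL || new_size < old_size)
        return (size_t)-1;
    gap = new_size - old_size;
    memmove(buf + gap, buf, old_size);  /* source and target may overlap */
    return gap;
}

int main(void)
{
    /* Sizes from the gdb session: size_linebuf = 4096, fm - linebuf = 0xc00. */
    struct shift_audit a = audit_listed_loop(3072, 4096);
    char buf[16] = "abcd";  /* constructed sample: 4 old bytes, grown to 16 */
    size_t n = shift_to_end(buf, 4, sizeof buf);
    printf("listed loop: %zu copies, %zu out-of-bounds write(s)\n", a.copies, a.oob_writes);
    printf("bounded shift: data at index %zu: %.4s\n", n, buf + n);
    return 0;
}
```

With the sizes from the session, the one out-of-bounds write is the first iteration, at linebuf + 4096 = 0x120ac8000, the address gdb reports as out of bounds.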