From nobody@FreeBSD.org  Mon Jul 16 07:50:38 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B54CF16A400
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 16 Jul 2007 07:50:38 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id A54E113C428
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 16 Jul 2007 07:50:38 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l6G7obnI038537
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 16 Jul 2007 07:50:38 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.1/8.14.1/Submit) id l6G7obbk038536;
	Mon, 16 Jul 2007 07:50:37 GMT
	(envelope-from nobody)
Message-Id: <200707160750.l6G7obbk038536@www.freebsd.org>
Date: Mon, 16 Jul 2007 07:50:37 GMT
From: Bernard Steiner <zdbs@lif.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: /usr/bin/less SEGV
X-Send-Pr-Version: www-3.0

>Number:         114617
>Category:       bin
>Synopsis:       less(1) SEGV
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 16 08:00:10 GMT 2007
>Closed-Date:    Thu Oct 11 18:56:14 UTC 2007
>Last-Modified:  Thu Oct 11 18:56:14 UTC 2007
>Originator:     Bernard Steiner
>Release:        6.2
>Organization:
Lahmeyer International
>Environment:
FreeBSD machine6 6.2-STABLE FreeBSD 6.2-STABLE #3: Fri Jul 13 12:11:45 CEST 2007     root@machine6:/usr/obj/usr/src/sys/MACHINE6  amd64
>Description:
# (ENTER)less /usr/ports/sysutils/xmbmon/*
[... output of Makefile ...]
/usr/ports/sysutils/xmbmon/Makefile (file 1 of 2) (END) - Next: /usr/ports/sysutils/xmbmon/files
(ENTER):n<CR>
 :Segmentation fault (core dumped)
#

May I add the same thing happens with

FreeBSD grimma 6.2-STABLE FreeBSD 6.2-STABLE #35: Sun Jul 15 18:18:40 CEST 2007     root@grimma:/usr/obj/usr/src/sys/GRIMMA  i386
(and also same configuration with amd64; note all three 6.2-STABLE are SMP machines)

but works OK with

FreeBSD machine5 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #1: Fri Mar 24 19:40:17 CET 2006     root@machine5:/usr/obj/usr/src/sys/GENERIC  i386
(single CPU) and also
FreeBSD machine3 5.4-STABLE FreeBSD 5.4-STABLE #0: Tue Sep 13 17:43:08 CEST 2005
     root@machine3:/usr_obj/usr/src/sys/MACHINE3  sparc64
(single CPU)

Same thing happens with a copy of the xmbmon directory if copied to /tmp.
Nothing bad happens with "less /*".
If prepending and appending a number of files and directories to the less that dumps core it works OK.

ktrace indicates the SEGV occurs directly after stat() for the second file
i.e. directory "files", stat returns 0

Haven't managed to gdb less yet due to lack of symbols :-(
>How-To-Repeat:
On 6.2-STABLE i386 or amd64 SMP with ports, call less
/usr/ports/sysutils/xmbmon/*
>Fix:


>Release-Note:
>Audit-Trail:

From: "Steiner, Bernard" <Bernard.Steiner@lahmeyer.de>
To: <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: bin/114617: less(1) SEGV
Date: Mon, 16 Jul 2007 23:52:53 +0200

 Forget about my rantings about system type.
 
 Looks like this happens when doing less on two or more targets,
 where the first one has fewer lines than the number of
 lines in the tty and the second one is not a regular file.
 It works OK when the first two targets are regular files and
 the third one ain't.
 
 Sorry for the HTML in my mail.  [bugmeister note: removed]
 
 Bernard
 
From: "Steiner, Bernard" <Bernard.Steiner@lahmeyer.de>
To: <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: bin/114617: less(1) SEGV
Date: Tue, 17 Jul 2007 00:12:38 +0200

 gotcha:
 
 Core was generated by `less'.
 Program terminated with signal 11, Segmentation fault.
 #0  0x0804ac54 in ch_length ()
     at /usr/src/usr.bin/less/../../contrib/less/ch.c:508
 508             if (ch_flags & CH_HELPFILE)
 
 and
 #define ch_flags        thisfile->flags
 
 (gdb) print thisfile
 $1 = (struct filestate *) 0x0
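
The fault pattern in the backtrace above, as an added example that is not part of the PR and is not code from less or FreeBSD: the `ch_flags` macro hides a dereference of `thisfile`, which is NULL when the current target has no file state. The struct layout, the flag value, the `NULL_POSITION` definition, `open_mode()` and the guarded variant are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#define CH_HELPFILE   010           /* flag bit; value assumed for this model */
#define NULL_POSITION ((long)-1)    /* "no position" sentinel; assumed */

struct filestate {                  /* reduced to the two fields used here */
    int  flags;
    long fsize;
};

static struct filestate state;      /* backing storage for one open file */
static struct filestate *thisfile;  /* NULL while no file is open */
#define ch_flags thisfile->flags    /* macro as quoted in the report */

/* Hypothetical open step: only a regular file gets a filestate. */
int open_mode(mode_t mode, long size)
{
    thisfile = NULL;
    if (!S_ISREG(mode))
        return -1;                  /* directory etc.: nothing installed */
    state.fsize = size;
    thisfile = &state;
    return 0;
}

/* Shape of the faulting line: the macro dereferences thisfile unchecked. */
long ch_length_unguarded(void)
{
    if (ch_flags & CH_HELPFILE)
        return 0;
    return thisfile->fsize;
}

/* Guarded variant: test the pointer before any macro that expands to it. */
long ch_length_guarded(void)
{
    if (thisfile == NULL)
        return NULL_POSITION;
    return ch_length_unguarded();
}

int main(void)
{
    struct stat st;
    if (stat(".", &st) == 0)        /* "." is a directory; stat() succeeds */
        open_mode(st.st_mode, (long)st.st_size);
    printf("length with a directory as target: %ld\n", ch_length_guarded());
    return 0;
}
```

Calling `ch_length_unguarded()` in the directory case reproduces the kind of crash reported: a read through a null `struct filestate *`.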
 
Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Sat Sep 29 12:50:12 UTC 2007 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=114617 
State-Changed-From-To: open->patched 
State-Changed-By: delphij 
State-Changed-When: Mon Oct 8 16:22:03 UTC 2007 
State-Changed-Why:  
Dear submitter, 

I think this has been fixed by a recent less upgrade to v408. 
Would you please help us to confirm? 

Thanks in advance! 


From: "Steiner, Bernard" <Bernard.Steiner@lahmeyer.de>
To: <bug-followup@FreeBSD.org>, <delphij@FreeBSD.org>
Cc:  
Subject: Re: bin/114617: less(1) SEGV
Date: Tue, 9 Oct 2007 13:43:08 +0200

 I have just csuped stable and the respective version.c still claims it
 is v406.
 I will keep an eye on this and re-compile my system as soon as I see
 v408 in there.
 
 Bernard
State-Changed-From-To: patched->closed 
State-Changed-By: delphij 
State-Changed-When: Thu Oct 11 18:56:00 UTC 2007 
State-Changed-Why:  
less v408 was MFC'ed to RELENG_6. 

>Unformatted:
