From archer@lucky.net Sun Jul 25 00:05:21 1999
Message-Id: <199907250701.DAA89825@unknown.nowhere.org>
Date: Sun, 25 Jul 1999 03:01:31 -0400 (EDT)
From: Alexander Litvin <archer@lucky.net>
Reply-To: archer@lucky.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: nvi infinite recursion with multiple files
X-Send-Pr-Version: 3.2

>Number:         12801
>Category:       bin
>Synopsis:       [patch] nvi(1) infinite recursion with options "leftright" and "comment"
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 25 00:10:00 PDT 1999
>Closed-Date:    
>Last-Modified:  Mon May 05 03:17:45 UTC 2014
>Originator:     Alexander Litvin
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
Lucky Net ltd
>Environment:

FreeBSD unknown.nowhere.org 4.0-CURRENT FreeBSD 4.0-CURRENT #44: Sat Jul 24 13:46:21 EDT 1999     root@unknown.nowhere.org:/usr/src/sys/compile/UNKNOWN  i386

(though the release is not relevant because the code in question seems to be
unchanged since 1996)

>Description:

The simultaneous usage of the vi editor options 'comment' (skip leading
comments) and 'leftright' (do left-right scrolling) may lead to
infinite recursion: on src/contrib/nvi/vi/vs_refresh.c:626 the vs_paint()
function is called recursively from itself. The result is that the stack is
exhausted and the process receives a segfault.

>How-To-Repeat:

1. Create the ${HOME}/.exrc file with two lines:

set leftright
set comment

or, add these lines to the existing .exrc;

2. Open any file with a few shell, C or C++ comment lines in the beginning;

3. Try to open any non-existent (new) file from the same editing session
by invoking the ex "edit" command.

>Fix:
	
The workaround is obviously not to use the 'comment' and 'leftright' options
simultaneously.


>Release-Note:
>Audit-Trail:

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: archer@lucky.net
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/12801: nvi infinite recursion
Date: Mon, 26 Jul 1999 12:15:53 +0200

 > The simultaneous usage of the vi editor options 'comment' (skip leading
 > comments) and 'leftright' (do left-right scrolling) may lead to the
 > infinite recursion: on src/contrib/nvi/vi/vs_refresh.c:626 vs_paint()
 
 In the current sources, it's line 696. We're failing a sanity check,
 which causes an abort(3) if the program is compiled with -DDEBUG.
 
 Your How-To-Repeat is solid. I'll take a look.
 
 Ciao,
 Sheldon.
 
State-Changed-From-To: open->suspended 
State-Changed-By: sheldonh 
State-Changed-When: Tue Jul 27 02:37:41 PDT 1999 
State-Changed-Why:  
Since nvi is in the contrib tree, I've mailed the author with a detailed
description of the problem. Suspended just means it's not feasible for
FreeBSD developers to be looking at the problem right now. If Keith
determines that this is a vendor-specific problem, I'll change the
state.


Responsible-Changed-From-To: freebsd-bugs->sheldonh 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Tue Jul 27 02:37:41 PDT 1999 
Responsible-Changed-Why:  
This one's on my list. 
State-Changed-From-To: suspended->feedback 
State-Changed-By: mikeh 
State-Changed-When: Thu Jul 5 17:26:35 PDT 2001 
State-Changed-Why:  
Is this fixed with the patch in bin/28687? 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=12801 
State-Changed-From-To: feedback->open 
State-Changed-By: mikeh 
State-Changed-When: Sat Jul 7 04:09:44 PDT 2001 
State-Changed-Why:  
Submitter reports this problem is not fixed with patch for bin/12801. 


From: Mike Heffner <mheffner@novacoxmail.com>
To: freebsd-gnats-submit@freebsd.org
Cc: FreeBSD-bugs <freebsd-bugs@freebsd.org>
Subject: FW: Re: bin/12801: nvi infinite recursion with options "leftrigh
Date: Tue, 14 Aug 2001 23:59:12 -0400 (EDT)

 Forwarding to audit-trail.
 
 -----FW: <20010814234350.A52363@unknown.whichever.org>-----
 
 Date: Tue, 14 Aug 2001 23:43:50 -0400
 From: Alexander Litvin <archer@whichever.org>
 To: Sheldon Hearn <sheldonh@starjuice.net>
 Subject: Re: bin/12801: nvi infinite recursion with options "leftright" and
 "comment"
 Cc: mikeh@FreeBSD.org
 
 > In message about "Re: bin/12801: nvi infinite recursion with options "leftright" and "comment""
 >  on Fri, Jul 06, 2001, at 08:48:09 AM you wrote:
 > 
 > > > Synopsis: nvi infinite recursion with options "leftright" and "comment"
 > > > 
 > > > State-Changed-From-To: suspended->feedback
 > > > State-Changed-By: mikeh
 > > > State-Changed-When: Thu Jul 5 17:26:35 PDT 2001
 > > > State-Changed-Why: 
 > > > Is this fixed with the patch in bin/28687?
 > > 
 > > Should be. :-)
 > 
 > No, unfortunately it's not.
 
 Actually, as I investigated the problem, it is more severe
 than just using two incompatible options. That is, this
 infinite recursion can be "achieved" even without "comment"
 option -- it is enough, for example, to do the following:
 
 1) go to the line with number NUM, where
    1 < NUM < "screen height"/2;
 2) make the line to be on the top of the screen
    (e.g. by z+<Enter>);
 3) do :e <non-existent file>
 
 What I figured is that during switching files vi somehow
 messes up the old and new state -- like sp (pointer to
 screen structure?) already contains (mostly) info about
 new file, but HMAP macro (what's this exactly?) still
 has information about old file position. The fact that
 this mess really works through vs_refresh() is, IMHO,
 accidental.
 
 The attached patch seems to fix the problem. This is sort
 of a hack, because I don't exactly understand the guts of vi,
 and I have no idea how to produce a politically correct fix.
 But at least it doesn't do anything bad (IMHO).
 
 --- 
 Laugh at your problems; everybody else does.
 
 
 --------------End of forwarded message-------------------------
 
 
 Mike
 
 -- 
   Mike Heffner         <mheffner@[acm.]vt.edu>
   Fredericksburg, VA       <mikeh@FreeBSD.org>
 
 
 
 *** src/contrib/nvi/vi/vi.c.orig	Tue Aug 14 23:13:30 2001
 --- src/contrib/nvi/vi/vi.c	Tue Aug 14 23:14:34 2001
 ***************
 *** 399,404 ****
 --- 399,408 ----
   		if (F_ISSET(sp, SC_FSWITCH)) {
   			F_CLR(sp, SC_FSWITCH);
   			(void)sp->gp->scr_rename(sp, sp->frp->name, 1);
 + 			/* XXX */
 + 			HMAP->lno = sp->lno;
 + 			HMAP->coff = 0;
 + 			HMAP->soff = 1;
   		}
   
   		/* If leaving vi, return to the main editor loop. */
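
Review bot: the `/* XXX */` marker above the three added `HMAP` assignments gives no reason for the reset, so a later reader cannot tell that it exists to drop the previous file's screen position once `SC_FSWITCH` has been handled; replace it with a comment that says so. The same lines hard-code `HMAP->coff = 0` and `HMAP->soff = 1` and copy `sp->lno` into `HMAP->lno` with no visible check that `sp->lno` is a valid line in the newly opened file. They also change only what `HMAP` points to, so it is worth confirming whether the rest of the screen map is rebuilt elsewhere on this path before relying on these values.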
 

Responsible-Changed-From-To: sheldonh->freebsd-bugs 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Tue Nov 27 10:16:19 PST 2001 
Responsible-Changed-Why:  
I don't have time to get stuck into this one again.  Anyway, people 
seem to have declared open season on the vendor branch for nvi and 
there are even rumours of an impending new release.  Again.  ;-) 


From: Zhihao Yuan <zy@miator.net>
To: bug-followup@FreeBSD.org, archer@lucky.net
Cc:  
Subject: Re: bin/12801: nvi infinite recursion with options
 "leftright" and "comment"
Date: Sat, 2 Nov 2013 05:15:05 -0400

 Fixed by https://github.com/lichray/nvi2/commit/3c7a9a74038f593ab4a437cfe8f791092a796b1e
 ;
 will be imported later.
 
 -- 
 Zhihao Yuan, ID lichray
 The best way to predict the future is to invent it.
 ___________________________________________________
 4BSD -- http://4bsd.biz/
>Unformatted:
