Message-Id: <200907062132.n66LWQ8i024438@www.freebsd.org>
Date: Mon, 6 Jul 2009 21:32:26 GMT
From: Frank Sheiness <frank@dough.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ^C causes breakage in /usr/bin/vi
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         136393
>Category:       bin
>Synopsis:       vi(1): ^C causes breakage in /usr/bin/vi
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    jh
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 06 21:40:01 UTC 2009
>Closed-Date:    Fri Sep 10 04:57:08 UTC 2010
>Last-Modified:  Fri Sep 10 04:57:08 UTC 2010
>Originator:     Frank Sheiness
>Release:        7.2-STABLE
>Organization:
>Environment:
FreeBSD forbidden 7.2-STABLE FreeBSD 7.2-STABLE #8: Sat May 16 00:39:53 CDT 2009     root@forbidden:/usr/obj/usr/src/sys/FORBIDDEN  i386
>Description:
When using /usr/bin/vi, I use control-C to get out of insert mode.  If I do that and then try to use the '.' command to repeat an action, I get a bunch of junk dumped into my buffer.  On some older versions of FreeBSD, this causes a segmentation fault.

I believe the function file_end() is called when I hit ^C, and it free()s 'ep' on line 724 of exf.c

Then that free()d value is used later when the screen is repainted.
>How-To-Repeat:
/usr/bin/vi
Type: 'i' to enter insert mode
Type: abc
Type: Ctrl-C
Type: 0 to go to the beginning of the line
Type: cw
Type: def
Type: Ctrl-C
Type: .
>Fix:


>Release-Note:
>Audit-Trail:

From: Jaakko Heinonen <jh@saunalahti.fi>
To: Frank Sheiness <frank@dough.net>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/136393: ^C causes breakage in /usr/bin/vi
Date: Tue, 7 Jul 2009 18:06:29 +0300

 Hi,
 
 On 2009-07-06, Frank Sheiness wrote:
 > >How-To-Repeat:
 > /usr/bin/vi
 > Type: 'i' to enter insert mode
 > Type: abc
 > Type: Ctrl-C
 > Type: 0 to go to the beginning of the line
 > Type: cw
 > Type: def
 > Type: Ctrl-C
 > Type: .
 
 See the latest patches submitted to PR bin/21089. Those patches seem to
 fix the problem.
 
 Direct links to the patches:
 
 http://www.saunalahti.fi/~jh3/patches/nvi-netbsd-v_ex.c-1.diff
 http://www.saunalahti.fi/~jh3/patches/nvi-netbsd-v_txt.c-1.diff
 http://www.saunalahti.fi/~jh3/patches/nvi-netbsd-v_txt.c-2.diff
 http://www.saunalahti.fi/~jh3/patches/nvi-netbsd-v_txt.c-3.diff
 http://www.saunalahti.fi/~jh3/patches/nvi-netbsd-v_txt.c-4.diff
 
 -- 
 Jaakko

From: Frank Sheiness <frank@dough.net>
To: Jaakko Heinonen <jh@saunalahti.fi>
Cc: Frank Sheiness <frank@dough.net>, bug-followup@FreeBSD.org
Subject: Re: bin/136393: ^C causes breakage in /usr/bin/vi
Date: Tue, 7 Jul 2009 12:39:36 -0500

 Yes, that fixed it.
 
 Thanks,
 Frank
 
 On Tue, Jul 07, 2009 at 06:06:29PM +0300, Jaakko Heinonen wrote:
 > 
 > Hi,
 > 
 > On 2009-07-06, Frank Sheiness wrote:
 > > >How-To-Repeat:
 > > /usr/bin/vi
 > > Type: 'i' to enter insert mode
 > > Type: abc
 > > Type: Ctrl-C
 > > Type: 0 to go to the beginning of the line
 > > Type: cw
 > > Type: def
 > > Type: Ctrl-C
 > > Type: .
 > 
 > See the latest patches submitted to PR bin/21089. Those patches seem to
 > fix the problem.
 > 
 > Direct links to the patches:
 > 
 > http://www.saunalahti.fi/~jh3/patches/nvi-netbsd-v_ex.c-1.diff
 > http://www.saunalahti.fi/~jh3/patches/nvi-netbsd-v_txt.c-1.diff
 > http://www.saunalahti.fi/~jh3/patches/nvi-netbsd-v_txt.c-2.diff
 > http://www.saunalahti.fi/~jh3/patches/nvi-netbsd-v_txt.c-3.diff
 > http://www.saunalahti.fi/~jh3/patches/nvi-netbsd-v_txt.c-4.diff
 > 
 > -- 
 > Jaakko
 
 -- 
    Frank Sheiness - VP of Software Development - Korcett Holdings, Inc.
    frank.sheiness@korcett.com   aim:txrrfrank   http://www.korcett.com/
    [ 512-419-7419 x 205 (o) ] [ 512-417-8825 (c) ] [ 512-419-7680 (f) ]
Responsible-Changed-From-To: freebsd-bugs->jh 
Responsible-Changed-By: jh 
Responsible-Changed-When: Tue May 4 15:41:23 UTC 2010 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=136393 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/136393: commit references a PR
Date: Fri, 28 May 2010 09:30:35 +0000 (UTC)

 Author: jh
 Date: Fri May 28 09:30:13 2010
 New Revision: 208612
 URL: http://svn.freebsd.org/changeset/base/208612
 
 Log:
   Fixes from NetBSD for nvi visual mode:
   
   - Fix handling of ^@ when reading an ex command. Don't try to replay
     the previous input.
   - Fix handling of ^C in insert mode and when reading an ex command.
     Repeating an interrupted input could cause a crash and interrupting
     ex command input could cause file corruption.
   - Fix a bug which causes crashes in file name completion when a file
     name is longer than the screen width.
   - When an error occurs in v_txt(), leave the input mode.
   
   PR:		bin/21089, bin/136393
   Obtained from:	NetBSD
 
 Modified:
   head/contrib/nvi/vi/v_ex.c
   head/contrib/nvi/vi/v_txt.c
 
 Modified: head/contrib/nvi/vi/v_ex.c
 ==============================================================================
 --- head/contrib/nvi/vi/v_ex.c	Fri May 28 09:26:53 2010	(r208611)
 +++ head/contrib/nvi/vi/v_ex.c	Fri May 28 09:30:13 2010	(r208612)
 @@ -428,6 +428,10 @@ v_ex(sp, vp)
  			if (tp->term == TERM_BS)
  				break;
  
 +			/* If the user changed their mind, return. */
 +			if (tp->term != TERM_OK)
 +				break;
 +
  			/* Log the command. */
  			if (O_STR(sp, O_CEDIT) != NULL && v_ecl_log(sp, tp))
  				return (1);
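
Review bot: The added comment in v_ex() says "return", but the statement under "if (tp->term != TERM_OK)" is "break", so the comment should say what the break leads to. Assuming TERM_BS and TERM_OK are distinct values, as the two separate tests imply, the new test also covers the "tp->term == TERM_BS" case directly above it, since both end in "break"; either fold the two checks into one or note why the TERM_BS test is kept separately.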
 
 Modified: head/contrib/nvi/vi/v_txt.c
 ==============================================================================
 --- head/contrib/nvi/vi/v_txt.c	Fri May 28 09:26:53 2010	(r208611)
 +++ head/contrib/nvi/vi/v_txt.c	Fri May 28 09:30:13 2010	(r208612)
 @@ -510,15 +510,6 @@ next:	if (v_event_get(sp, evp, 0, ec_fla
  	case E_EOF:
  		F_SET(sp, SC_EXIT_FORCE);
  		return (1);
 -	case E_INTERRUPT:
 -		/*
 -		 * !!!
 -		 * Historically, <interrupt> exited the user from text input
 -		 * mode or cancelled a colon command, and returned to command
 -		 * mode.  It also beeped the terminal, but that seems a bit
 -		 * excessive.
 -		 */
 -		goto k_escape;
  	case E_REPAINT:
  		if (vs_repaint(sp, &ev))
  			return (1);
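
Review bot: With the "case E_INTERRUPT:" label removed from this switch, an interrupt is handled correctly only because the "default:" arm in the next hunk tests for E_INTERRUPT explicitly; taken alone, this hunk would send an interrupt through v_event_err(). Keeping an explicit "case E_INTERRUPT:" label that falls through to the shared handling, as is done for E_WRESIZE, would keep the event visible as a case label and remove the need for the "!=" test inside "default:".
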
 @@ -526,10 +517,37 @@ next:	if (v_event_get(sp, evp, 0, ec_fla
  	case E_WRESIZE:
  		/* <resize> interrupts the input mode. */
  		v_emsg(sp, NULL, VIM_WRESIZE);
 -		goto k_escape;
 +		/* FALLTHROUGH */
  	default:
 -		v_event_err(sp, evp);
 -		goto k_escape;
 +		if (evp->e_event != E_INTERRUPT && evp->e_event != E_WRESIZE)
 +			v_event_err(sp, evp);
 +		/*
 +		 * !!!
 +		 * Historically, <interrupt> exited the user from text input
 +		 * mode or cancelled a colon command, and returned to command
 +		 * mode.  It also beeped the terminal, but that seems a bit
 +		 * excessive.
 +		 */
 +		/*
 +		 * If we are recording, morph into <escape> key so that
 +		 * we can repeat the command safely: there is no way to
 +		 * invalidate the repetition of an instance of a command,
 +		 * which would be the alternative possibility.
 +		 * If we are not recording (most likely on the command line),
 +		 * simply discard the input and return to command mode
 +		 * so that an INTERRUPT doesn't become for example a file
 +		 * completion request. -aymeric
 +		 */
 +		if (LF_ISSET(TXT_RECORD)) {
 +			evp->e_event = E_CHARACTER;
 +			evp->e_c = 033;
 +			evp->e_flags = 0;
 +			evp->e_value = K_ESCAPE;
 +			break;
 +		} else {
 +			tp->term = TERM_ESC;
 +			goto k_escape;
 +		}
  	}
  
  	/*
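
Review bot: In the LF_ISSET(TXT_RECORD) branch, tp->term is left untouched while the else branch sets TERM_ESC, so confirm that the code reached by "break" sets it when it processes the synthesized escape, since the new check in v_ex() depends on tp->term. The same branch writes the literal 033 into e_c next to K_ESCAPE in e_value; a named constant or a short comment would make clear the two fields must stay in step. The "else" after "break" is redundant and can be dropped.
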
 @@ -539,7 +557,7 @@ next:	if (v_event_get(sp, evp, 0, ec_fla
  	 * This was not documented as far as I know, and is a great test of vi
  	 * clones.
  	 */
 -	if (rcol == 0 && !LF_ISSET(TXT_REPLAY) && evp->e_c == '\0') {
 +	if (LF_ISSET(TXT_RECORD) && rcol == 0 && evp->e_c == '\0') {
  		if (vip->rep == NULL)
  			goto done;
  
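
Review bot: LF_ISSET(TXT_RECORD) is not the complement of the removed !LF_ISSET(TXT_REPLAY) in the '\0' test, so input that is neither replaying nor recording no longer takes this path. That agrees with the commit log's "Don't try to replay the previous input" for ex commands, but the comment block above the "if" is not touched by this hunk; check it and state the recording precondition there so the condition and its documentation agree.
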
 @@ -1456,6 +1474,7 @@ done:	/* Leave input mode. */
  
  err:
  alloc_err:
 +	F_CLR(sp, SC_TINPUT);
  	txt_err(sp, &sp->tiq);
  	return (1);
  }
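
Review bot: The new F_CLR(sp, SC_TINPUT) on the err:/alloc_err: path has no comment, while the done: label shown in the hunk header carries "Leave input mode"; a matching comment here would tell the reader that the error exit must clear the same flag. If done: clears SC_TINPUT as well, consider routing both exits through one cleanup sequence so the flag handling cannot drift apart.
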
 @@ -2216,8 +2235,8 @@ txt_fc_col(sp, argc, argv)
  
  	/* If the largest file name is too large, just print them. */
  	if (colwidth > sp->cols) {
 -		p = msg_print(sp, av[0]->bp + prefix, &nf);
  		for (ac = argc, av = argv; ac > 0; --ac, ++av) {
 +			p = msg_print(sp, av[0]->bp + prefix, &nf);
  			(void)ex_printf(sp, "%s\n", p);
  			if (F_ISSET(gp, G_INTERRUPTED))
  				break;
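
Review bot: With msg_print() now called on every iteration of the loop in txt_fc_col(), the buffer returned in p has to be released per iteration if nf is set, including on the G_INTERRUPTED "break"; the visible lines do not show a release, so check the code that follows. The old placement read av[0] before the "for" initialiser assigned "av = argv", which the move corrects.
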
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: jh 
State-Changed-When: Fri May 28 09:52:31 UTC 2010 
State-Changed-Why:  
Patched in head (r208612). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=136393 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/136393: commit references a PR
Date: Sun,  8 Aug 2010 07:34:57 +0000 (UTC)

 Author: jh
 Date: Sun Aug  8 07:34:37 2010
 New Revision: 211060
 URL: http://svn.freebsd.org/changeset/base/211060
 
 Log:
   MFC r208612: Fixes from NetBSD for nvi visual mode
   
   PR:		bin/21089, bin/136393
 
 Modified:
   stable/8/contrib/nvi/vi/v_ex.c
   stable/8/contrib/nvi/vi/v_txt.c
 Directory Properties:
   stable/8/contrib/nvi/   (props changed)
 
 Modified: stable/8/contrib/nvi/vi/v_ex.c
 ==============================================================================
 --- stable/8/contrib/nvi/vi/v_ex.c	Sun Aug  8 07:04:27 2010	(r211059)
 +++ stable/8/contrib/nvi/vi/v_ex.c	Sun Aug  8 07:34:37 2010	(r211060)
 @@ -428,6 +428,10 @@ v_ex(sp, vp)
  			if (tp->term == TERM_BS)
  				break;
  
 +			/* If the user changed their mind, return. */
 +			if (tp->term != TERM_OK)
 +				break;
 +
  			/* Log the command. */
  			if (O_STR(sp, O_CEDIT) != NULL && v_ecl_log(sp, tp))
  				return (1);
 
 Modified: stable/8/contrib/nvi/vi/v_txt.c
 ==============================================================================
 --- stable/8/contrib/nvi/vi/v_txt.c	Sun Aug  8 07:04:27 2010	(r211059)
 +++ stable/8/contrib/nvi/vi/v_txt.c	Sun Aug  8 07:34:37 2010	(r211060)
 @@ -510,15 +510,6 @@ next:	if (v_event_get(sp, evp, 0, ec_fla
  	case E_EOF:
  		F_SET(sp, SC_EXIT_FORCE);
  		return (1);
 -	case E_INTERRUPT:
 -		/*
 -		 * !!!
 -		 * Historically, <interrupt> exited the user from text input
 -		 * mode or cancelled a colon command, and returned to command
 -		 * mode.  It also beeped the terminal, but that seems a bit
 -		 * excessive.
 -		 */
 -		goto k_escape;
  	case E_REPAINT:
  		if (vs_repaint(sp, &ev))
  			return (1);
 @@ -526,10 +517,37 @@ next:	if (v_event_get(sp, evp, 0, ec_fla
  	case E_WRESIZE:
  		/* <resize> interrupts the input mode. */
  		v_emsg(sp, NULL, VIM_WRESIZE);
 -		goto k_escape;
 +		/* FALLTHROUGH */
  	default:
 -		v_event_err(sp, evp);
 -		goto k_escape;
 +		if (evp->e_event != E_INTERRUPT && evp->e_event != E_WRESIZE)
 +			v_event_err(sp, evp);
 +		/*
 +		 * !!!
 +		 * Historically, <interrupt> exited the user from text input
 +		 * mode or cancelled a colon command, and returned to command
 +		 * mode.  It also beeped the terminal, but that seems a bit
 +		 * excessive.
 +		 */
 +		/*
 +		 * If we are recording, morph into <escape> key so that
 +		 * we can repeat the command safely: there is no way to
 +		 * invalidate the repetition of an instance of a command,
 +		 * which would be the alternative possibility.
 +		 * If we are not recording (most likely on the command line),
 +		 * simply discard the input and return to command mode
 +		 * so that an INTERRUPT doesn't become for example a file
 +		 * completion request. -aymeric
 +		 */
 +		if (LF_ISSET(TXT_RECORD)) {
 +			evp->e_event = E_CHARACTER;
 +			evp->e_c = 033;
 +			evp->e_flags = 0;
 +			evp->e_value = K_ESCAPE;
 +			break;
 +		} else {
 +			tp->term = TERM_ESC;
 +			goto k_escape;
 +		}
  	}
  
  	/*
 @@ -539,7 +557,7 @@ next:	if (v_event_get(sp, evp, 0, ec_fla
  	 * This was not documented as far as I know, and is a great test of vi
  	 * clones.
  	 */
 -	if (rcol == 0 && !LF_ISSET(TXT_REPLAY) && evp->e_c == '\0') {
 +	if (LF_ISSET(TXT_RECORD) && rcol == 0 && evp->e_c == '\0') {
  		if (vip->rep == NULL)
  			goto done;
  
 @@ -1456,6 +1474,7 @@ done:	/* Leave input mode. */
  
  err:
  alloc_err:
 +	F_CLR(sp, SC_TINPUT);
  	txt_err(sp, &sp->tiq);
  	return (1);
  }
 @@ -2216,8 +2235,8 @@ txt_fc_col(sp, argc, argv)
  
  	/* If the largest file name is too large, just print them. */
  	if (colwidth > sp->cols) {
 -		p = msg_print(sp, av[0]->bp + prefix, &nf);
  		for (ac = argc, av = argv; ac > 0; --ac, ++av) {
 +			p = msg_print(sp, av[0]->bp + prefix, &nf);
  			(void)ex_printf(sp, "%s\n", p);
  			if (F_ISSET(gp, G_INTERRUPTED))
  				break;
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/136393: commit references a PR
Date: Wed,  8 Sep 2010 18:06:31 +0000 (UTC)

 Author: jh
 Date: Wed Sep  8 18:06:05 2010
 New Revision: 212328
 URL: http://svn.freebsd.org/changeset/base/212328
 
 Log:
   MFC r208612: Fixes from NetBSD for nvi visual mode
   
   PR:		bin/21089, bin/136393
 
 Modified:
   stable/7/contrib/nvi/vi/v_ex.c
   stable/7/contrib/nvi/vi/v_txt.c
 Directory Properties:
   stable/7/contrib/nvi/   (props changed)
 
 Modified: stable/7/contrib/nvi/vi/v_ex.c
 ==============================================================================
 --- stable/7/contrib/nvi/vi/v_ex.c	Wed Sep  8 18:03:40 2010	(r212327)
 +++ stable/7/contrib/nvi/vi/v_ex.c	Wed Sep  8 18:06:05 2010	(r212328)
 @@ -428,6 +428,10 @@ v_ex(sp, vp)
  			if (tp->term == TERM_BS)
  				break;
  
 +			/* If the user changed their mind, return. */
 +			if (tp->term != TERM_OK)
 +				break;
 +
  			/* Log the command. */
  			if (O_STR(sp, O_CEDIT) != NULL && v_ecl_log(sp, tp))
  				return (1);
 
 Modified: stable/7/contrib/nvi/vi/v_txt.c
 ==============================================================================
 --- stable/7/contrib/nvi/vi/v_txt.c	Wed Sep  8 18:03:40 2010	(r212327)
 +++ stable/7/contrib/nvi/vi/v_txt.c	Wed Sep  8 18:06:05 2010	(r212328)
 @@ -510,15 +510,6 @@ next:	if (v_event_get(sp, evp, 0, ec_fla
  	case E_EOF:
  		F_SET(sp, SC_EXIT_FORCE);
  		return (1);
 -	case E_INTERRUPT:
 -		/*
 -		 * !!!
 -		 * Historically, <interrupt> exited the user from text input
 -		 * mode or cancelled a colon command, and returned to command
 -		 * mode.  It also beeped the terminal, but that seems a bit
 -		 * excessive.
 -		 */
 -		goto k_escape;
  	case E_REPAINT:
  		if (vs_repaint(sp, &ev))
  			return (1);
 @@ -526,10 +517,37 @@ next:	if (v_event_get(sp, evp, 0, ec_fla
  	case E_WRESIZE:
  		/* <resize> interrupts the input mode. */
  		v_emsg(sp, NULL, VIM_WRESIZE);
 -		goto k_escape;
 +		/* FALLTHROUGH */
  	default:
 -		v_event_err(sp, evp);
 -		goto k_escape;
 +		if (evp->e_event != E_INTERRUPT && evp->e_event != E_WRESIZE)
 +			v_event_err(sp, evp);
 +		/*
 +		 * !!!
 +		 * Historically, <interrupt> exited the user from text input
 +		 * mode or cancelled a colon command, and returned to command
 +		 * mode.  It also beeped the terminal, but that seems a bit
 +		 * excessive.
 +		 */
 +		/*
 +		 * If we are recording, morph into <escape> key so that
 +		 * we can repeat the command safely: there is no way to
 +		 * invalidate the repetition of an instance of a command,
 +		 * which would be the alternative possibility.
 +		 * If we are not recording (most likely on the command line),
 +		 * simply discard the input and return to command mode
 +		 * so that an INTERRUPT doesn't become for example a file
 +		 * completion request. -aymeric
 +		 */
 +		if (LF_ISSET(TXT_RECORD)) {
 +			evp->e_event = E_CHARACTER;
 +			evp->e_c = 033;
 +			evp->e_flags = 0;
 +			evp->e_value = K_ESCAPE;
 +			break;
 +		} else {
 +			tp->term = TERM_ESC;
 +			goto k_escape;
 +		}
  	}
  
  	/*
 @@ -539,7 +557,7 @@ next:	if (v_event_get(sp, evp, 0, ec_fla
  	 * This was not documented as far as I know, and is a great test of vi
  	 * clones.
  	 */
 -	if (rcol == 0 && !LF_ISSET(TXT_REPLAY) && evp->e_c == '\0') {
 +	if (LF_ISSET(TXT_RECORD) && rcol == 0 && evp->e_c == '\0') {
  		if (vip->rep == NULL)
  			goto done;
  
 @@ -1456,6 +1474,7 @@ done:	/* Leave input mode. */
  
  err:
  alloc_err:
 +	F_CLR(sp, SC_TINPUT);
  	txt_err(sp, &sp->tiq);
  	return (1);
  }
 @@ -2216,8 +2235,8 @@ txt_fc_col(sp, argc, argv)
  
  	/* If the largest file name is too large, just print them. */
  	if (colwidth > sp->cols) {
 -		p = msg_print(sp, av[0]->bp + prefix, &nf);
  		for (ac = argc, av = argv; ac > 0; --ac, ++av) {
 +			p = msg_print(sp, av[0]->bp + prefix, &nf);
  			(void)ex_printf(sp, "%s\n", p);
  			if (F_ISSET(gp, G_INTERRUPTED))
  				break;
 
State-Changed-From-To: patched->closed 
State-Changed-By: jh 
State-Changed-When: Fri Sep 10 04:57:06 UTC 2010 
State-Changed-Why:  
Fixed in head, stable/8 and stable/7. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=136393 
>Unformatted:
