From roberte@ghost.mep.ruhr-uni-bochum.de  Wed Mar 12 16:17:33 1997
Received: from ghost.mep.ruhr-uni-bochum.de (ghost.mep.ruhr-uni-bochum.de [134.147.6.16])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA21399
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 12 Mar 1997 16:16:24 -0800 (PST)
Received: (from roberte@localhost)
          by ghost.mep.ruhr-uni-bochum.de (8.8.4/8.8.4)
	  id BAA04027; Thu, 13 Mar 1997 01:11:26 +0100 (CET)
Message-Id: <199703130011.BAA04027@ghost.mep.ruhr-uni-bochum.de>
Date: Thu, 13 Mar 1997 01:11:26 +0100 (CET)
From: Robert Eckardt <roberte@MEP.Ruhr-Uni-Bochum.de>
Reply-To: roberte@MEP.Ruhr-Uni-Bochum.de
To: FreeBSD-gnats-submit@freebsd.org
Subject: fmt dumps core on ^M
X-Send-Pr-Version: 3.2

>Number:         2968
>Category:       bin
>Synopsis:       fmt dumps core on ^M
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 12 16:20:01 PST 1997
>Closed-Date:    Wed Aug 20 20:44:56 PDT 1997
>Last-Modified:  Wed Aug 20 20:45:55 PDT 1997
>Originator:     Robert Eckardt
>Release:        FreeBSD 2.2-BETA_A i386
>Organization:
Home sweet home
>Environment:

	FreeBSD-2.2-beta with tcsh under X

>Description:

	fmt experiences Bus error when one tries to format
	a text that contains ^M (CRs), i.e. e.g. from an
	MSDOS system.

>How-To-Repeat:

	In the simplest case:
	1:05 ghost: /home/re 0% printf '\r'>fmttest
	1:05 ghost: /home/re 0% fmt fmttest
	Bus error (core dumped)

>Fix:
	
	??? (no space for sources)

>Release-Note:
>Audit-Trail:

From: Gareth McCaughan <gjm11@dpmms.cam.ac.uk>
To: freebsd-bugs@freebsd.org
Cc:  Subject: Re: bin/2968: fmt dumps core on ^M 
Date: Thu, 13 Mar 1997 18:47:53 +0000

 Robert Eckardt wrote:
 
 > 	fmt experiences Bus error when one tries to format
 > 	a text that contains ^M (CRs), i.e. e.g. from an
 > 	MSDOS system.
 
 Actually, that's not quite true. I think it only happens if you
 invoke it with a file whose first line contains only non-printing
 characters.
 
 The problem is caused by the fact that, when a line of this kind is
 seen, the |canonb| pointer may not get initialised; as a consequence
 the loop
     for (cp2--; cp2 >= canonb && *cp2 == ' '; cp2--)
 (before the start of which |cp2==canonb| in this situation) loses
 because pointers are compared as if they're unsigned.
 
 I believe the following patch fixes the problem. It certainly
 looks OK and repairs the test cases I've tried.
 
 ---------- patch begins ----------
 *** fmt.c.orig	Thu Mar 13 10:57:48 1997
 --- fmt.c	Thu Mar 13 18:43:13 1997
 ***************
 *** 147,153 ****
   	register char *cp, *cp2, cc;
   	register int c, col;
   #define CHUNKSIZE 1024
 ! 	static int lbufsize = 0, cbufsize = 0;
   
   	if (center) {
   		linebuf = malloc(BUFSIZ);
 --- 147,157 ----
   	register char *cp, *cp2, cc;
   	register int c, col;
   #define CHUNKSIZE 1024
 ! 	static int lbufsize = 0, cbufsize = CHUNKSIZE;
 ! 
 ! 	canonb = malloc(CHUNKSIZE);
 ! 	if (canonb == 0)
 ! 		abort();
   
   	if (center) {
   		linebuf = malloc(BUFSIZ);
 ----------- patch ends -----------
 
 -- 
 Gareth McCaughan       Dept. of Pure Mathematics & Mathematical Statistics,
 gjm11@dpmms.cam.ac.uk  Cambridge University, England.
State-Changed-From-To: open->closed 
State-Changed-By: jlemon 
State-Changed-When: Wed Aug 20 20:44:56 PDT 1997 
State-Changed-Why:  
Attached fix applied. 
>Unformatted:
