From nobody@FreeBSD.org  Sat Feb 21 16:26:15 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 99AD916A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 21 Feb 2004 16:26:15 -0800 (PST)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7E07B43D1D
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 21 Feb 2004 16:26:15 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.10/8.12.10) with ESMTP id i1M0QF72012087
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 21 Feb 2004 16:26:15 -0800 (PST)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.10/8.12.10/Submit) id i1M0QF4L012086;
	Sat, 21 Feb 2004 16:26:15 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200402220026.i1M0QF4L012086@www.freebsd.org>
Date: Sat, 21 Feb 2004 16:26:15 -0800 (PST)
From: Nikolas Britton <freebsd@nbritton.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: tftp Bus error, core dumped
X-Send-Pr-Version: www-2.3

>Number:         63197
>Category:       bin
>Synopsis:       [patch] tftp(1) Bus error, core dumped
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          analyzed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb 21 16:30:16 PST 2004
>Closed-Date:    
>Last-Modified:  Sat May 24 19:21:28 UTC 2008
>Originator:     Nikolas Britton
>Release:        5.2
>Organization:
>Environment:
VMware Version: 4.0.5 build-6030 (Win2k Host)
uname -a
FreeBSD FreeBSD5.nbritton.org 5.2-RELEASE FreeBSD 5.2-RELEASE #0: Sun Jan 11 04:21:45 GMT 2004     root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC   i386
>Description:
FreeBSD5# tftp
tftp>
tftp>
tftp> Bus error (core dumped)
FreeBSD5# Feb 21 18:07:59 FreeBSD5 kernel: pid 3465 (tftp), uid 0: exited on signal 10 (core dumped)    
>How-To-Repeat:
#tftp
tftp> Ctrl C
tftp> Ctrl C
tftp> Ctrl Z
>Fix:
      
>Release-Note:
>Audit-Trail:

From: Kris Kennaway <kris@obsecurity.org>
To: Nikolas Britton <freebsd@nbritton.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/63197: tftp Bus error, core dumped
Date: Mon, 23 Feb 2004 04:42:28 -0800

 On Sat, Feb 21, 2004 at 04:26:15PM -0800, Nikolas Britton wrote:
 > 
 > >Number:         63197
 > >Category:       misc
 > >Synopsis:       tftp Bus error, core dumped
 > >Confidential:   no
 > >Severity:       non-critical
 > >Priority:       low
 > >Responsible:    freebsd-bugs
 > >State:          open
 > >Quarter:        
 > >Keywords:       
 > >Date-Required:
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Sat Feb 21 16:30:16 PST 2004
 > >Closed-Date:
 > >Last-Modified:
 > >Originator:     Nikolas Britton
 > >Release:        5.2
 > >Organization:
 > >Environment:
 > VMware Version: 4.0.5 build-6030 (Win2k Host)
 > uname -a
 > FreeBSD FreeBSD5.nbritton.org 5.2-RELEASE FreeBSD 5.2-RELEASE #0: Sun Jan 11 04:21:45 GMT 2004     root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC   i386
 > >Description:
 > FreeBSD5# tftp
 > tftp>
 > tftp>
 > tftp> Bus error (core dumped)
 > FreeBSD5# Feb 21 18:07:59 FreeBSD5 kernel: pid 3465 (tftp), uid 0: exited on signal 10 (core dumped)    
 > >How-To-Repeat:
 > #tftp
 > tftp> Ctrl C
 > tftp> Ctrl C
 > tftp> Ctrl Z
 
 I can confirm this.  On my sparc the gdb backtrace is:
 
 (gdb) bt
 #0  0x0000000040546b88 in kill () from /lib/libc.so.5
 #1  0x0000000040545cbc in __utrap_kill_self () from /lib/libc.so.5
 #2  0x0000000040545c48 in __sparc_utrap () from /lib/libc.so.5
 #3  0x00000000404e10ac in __sparc_utrap_gen () from /lib/libc.so.5
 #4  0x000000000010b470 in read_char (el=0x0, cp=0x4069a8a0 "") at /usr/src/lib/libedit/read.c:265
 #5  0x000000000000000e in ?? ()
 #6  0x000000000010b578 in el_getc (el=0x23fc00, cp=0x7fdffffe37e "") at /usr/src/lib/libedit/read.c:311
 #7  0x000000000010b350 in read_getcmd (el=0x23fc00, cmdnum=0x7fdffffe37f "", ch=0x7fdffffe37e "")
     at /usr/src/lib/libedit/read.c:207
 #8  0x000000000010b74c in el_gets (el=0x23fc00, nread=0x7fdffffe44c) at /usr/src/lib/libedit/read.c:407
 #9  0x0000000000102f48 in command () at /usr/src/usr.bin/tftp/main.c:647
 #10 0x0000000000101fd4 in main (argc=1, argv=0x7fdffffe6c8) at /usr/src/usr.bin/tftp/main.c:174
 #11 0x0000000000101dc8 in _start ()
 
 Kris

From: Gavin Atkinson <gavin.atkinson@ury.york.ac.uk>
To: bug-followup@FreeBSD.org, freebsd@nbritton.org
Cc:  
Subject: Re: bin/63197: tftp Bus error, core dumped
Date: Sun, 06 May 2007 16:08:00 +0100

 This is still a problem in -HEAD.  As far as I can tell, the reason is
 as follows:
 
 We enable libedit's signal handling with "el_set(el, EL_SIGNAL, 1)"
 We also set up our own SIGINT signal handler, which essentially
 longjmp()s back to the start.
 
 Having a signal handler call longjmp is probably not a good idea anyway,
 but in conjunction with the libedit handler leads to the internal state
 of libedit becoming confused, and the next time libedit receives a
 signal (e.g. suspend, or resizing the window), libedit will die.
 
 Removing either of the two signal handlers prevents the crash, but it's
 not ideal as some functionality is lost.  Switching off libedit's
 handling means that resumes or window resizes won't refresh the screen;
 removing the SIGINT handler means that transfers can't be stopped.
 
 I've tried calling el_reset after we receive the interrupt, but that
 doesn't help.
 
 OpenBSD have fixed this by having the signal handler only set an atomic
 flag, which is then regularly polled from the main code, although it is
 worth noting that OpenBSD don't use libedit, so the fix can't be
 directly imported.
State-Changed-From-To: open->analyzed 
State-Changed-By: gavin 
State-Changed-When: Fri Jun 29 12:47:37 UTC 2007 
State-Changed-Why:  

Pretty sure I know what's happening here, set state to show this 

http://www.freebsd.org/cgi/query-pr.cgi?pr=63197 

From: Alex Vasylenko <lxv@omut.org>
To: bug-followup@FreeBSD.org, freebsd@nbritton.org
Cc: Gavin Atkinson <gavin.atkinson@ury.york.ac.uk>,
        Kris Kennaway <kris@obsecurity.org>
Subject: Re: bin/63197: tftp Bus error, core dumped
Date: Sat, 08 Mar 2008 01:09:49 -0500

 Please try the attached patch. It should also address the issue of empty
 history after ^C (test case: start tftp; type '?<enter>'; check history
 - command is there; ^C; check history - empty).
 
 --- /usr/src/usr.bin/tftp/main.c	2003-10-11 20:27:55.000000000 -0400
 +++ main.c	2008-03-08 00:33:18.000000000 -0500
 @@ -106,7 +106,7 @@
  void	setverbose(int, char **);
  void	status(int, char **);
  
 -static void command(void) __dead2;
 +static void command(int, EditLine *, History *, HistEvent *);
  static const char *command_prompt(void);
  
  static void getusage(char *);
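Review bot: `command()` still never returns (its body is the `for (;;)` loop that only leaves via `exit(0)`), so the new prototype on the `+` line can keep `__dead2`; dropping it only loses the noreturn information the compiler relied on for the fall-through at the end of `main()`, which now ends with the `command(vrbose, el, hist, &he);` call and no return.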
 @@ -161,17 +161,42 @@
  	int argc;
  	char *argv[];
  {
 +	int vrbose;
 +	EditLine *el;
 +	History *hist;
 +	HistEvent he;
 +   
  	f = -1;
  	strcpy(mode, "netascii");
  	signal(SIGINT, intr);
 +
 +	vrbose = isatty(0);
 +	el = 0;
 +	hist = 0;
 +
 +	if (vrbose) {
 +		el = el_init("tftp", stdin, stdout, stderr);
 +		hist = history_init();
 +		history(hist, &he, H_EVENT, 100);
 +		el_set(el, EL_HIST, history, hist);
 +		el_set(el, EL_EDITOR, "emacs");
 +		el_set(el, EL_PROMPT, command_prompt);
 +		el_set(el, EL_SIGNAL, 1);
 +		el_source(el, NULL);
 +	}
 +
  	if (argc > 1) {
  		if (setjmp(toplevel) != 0)
  			exit(txrx_error);
  		setpeer(argc, argv);
  	}
 -	if (setjmp(toplevel) != 0)
 +	if (setjmp(toplevel) != 0) {
 +		if (vrbose) {
 +			el_reset(el);
 +		}
  		(void)putchar('\n');
 -	command();
 +	}
 +	command(vrbose, el, hist, &he);
  }
  
  char    hostname[MAXHOSTNAMELEN];
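Review bot: the hunk still installs `signal(SIGINT, intr)` and keeps `setjmp(toplevel)` as the recovery point, so the SIGINT handler continues to longjmp() out of whatever libedit was doing when ^C arrived; the added `el_reset(el)` after the jump tidies editor state but does not remove the cause Gavin described, and his follow-up reported that calling el_reset after the interrupt did not help. Please confirm the ^C, ^C, ^Z sequence from How-To-Repeat no longer crashes with this applied. Hoisting `el_init()`/`history_init()` out of `command()` does look right for the empty-history-after-^C symptom, since the original re-ran both every time a longjmp landed back in `command()`. Minor: the `+   ` line is whitespace-only, and `el = 0; hist = 0;` would read better as `NULL`.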
 @@ -621,35 +646,21 @@
   * Command parser.
   */
  static void
 -command()
 +command(int vrbose, EditLine *el, History *hist, HistEvent *hep)
  {
 -	HistEvent he;
  	struct cmd *c;
 -	static EditLine *el;
 -	static History *hist;
  	const char *bp;
  	char *cp;
 -	int len, num, vrbose;
 +	int len, num;
  
 -	vrbose = isatty(0);
 -	if (vrbose) {
 -		el = el_init("tftp", stdin, stdout, stderr);
 -		hist = history_init();
 -		history(hist, &he, H_EVENT, 100);
 -		el_set(el, EL_HIST, history, hist);
 -		el_set(el, EL_EDITOR, "emacs");
 -		el_set(el, EL_PROMPT, command_prompt);
 -		el_set(el, EL_SIGNAL, 1);
 -		el_source(el, NULL);
 -	}
  	for (;;) {
  		if (vrbose) {
 -                        if ((bp = el_gets(el, &num)) == NULL || num == 0)
 -                                exit(0);
 -                        len = (num > MAXLINE) ? MAXLINE : num;
 -                        memcpy(line, bp, len);
 -                        line[len] = '\0';
 -                        history(hist, &he, H_ENTER, bp);
 +			if ((bp = el_gets(el, &num)) == NULL || num == 0)
 +				exit(0);
 +			len = (num > MAXLINE) ? MAXLINE : num;
 +			memcpy(line, bp, len);
 +			line[len] = '\0';
 +			history(hist, hep, H_ENTER, bp);
  		} else {
  			if (fgets(line, sizeof line , stdin) == 0) {
  				if (feof(stdin)) {
 
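Review bot: `len = (num > MAXLINE) ? MAXLINE : num;` followed by `line[len] = '\0';` writes `line[MAXLINE]` whenever the input is longer than MAXLINE; if `line` is declared with exactly MAXLINE bytes (its declaration is not in the hunk) that is a one-byte overrun. The logic is unchanged from the `-` side, but since the hunk re-touches these lines anyway, clamping to `MAXLINE - 1` would be cheap. Also, converting the indentation from spaces to tabs is a cosmetic change bundled with the functional one (the only substantive change in this region is `he` becoming `hep`); a separate whitespace commit would keep the behavioural diff reviewable.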
>Unformatted:
