retitle 464628 tweak crashes as superuser when terminal size is exceeded
thanks

Thanks for the report!

On Thu 2008-02-07 21:19:10 -0500, A. Costa wrote:

> As 'root' in an xterm:
>
>     # Show current size.
>     % echo $COLUMNS $LINES
>     99 34
>     # view hard drive
>     % tweak -l /dev/hda
>
> Do "^X w" 24 -- width changes to 24 lines.
> Do "^X w" 25 -- tweak displays a page of misaligned data, and aborts:
>
>     { stuff deleted }
>     0-b7f94000 rw-p 0001b000 03:03 53809      /lib/ld-2.7.so
>                                                             bfc17000-bfc2c000 
> rw-p bffeb000 00:00 0          [stack]
>                  ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
>                                                                         
> Aborted
>     % echo $?
>     134

Interesting.  I can replicate this on an arm machine (haven't tried as
superuser on an i386 machine yet), but only as the superuser.  It
doesn't seem to require using a block device, either (I can reproduce
the error on a normal file).

As it sounds like you've deduced, the problem appears to trigger when
the size of the terminal is smaller than the view to be displayed, and
this only when the user is the superuser.  Weird.

fwiw, it looks like Simon Tatham has a patch for this in the
repository:

[0 [EMAIL PROTECTED] ~]$ svn log -r7478 svn://svn.tartarus.org/sgt/tweak
------------------------------------------------------------------------
r7478 | simon | 2007-04-26 04:44:41 -0400 (Thu, 26 Apr 2007) | 5 lines

Fix memory overwrite when increasing display width in mid-editing.
(That operation increases the amount of data displayed on screen,
but failed to trigger a realloc of the buffer used to hold that data
during display.)

------------------------------------------------------------------------
[0 [EMAIL PROTECTED] ~]$ svn diff -r7477:7478 svn://svn.tartarus.org/sgt/tweak
Index: main.c
===================================================================
--- main.c      (revision 7477)
+++ main.c      (revision 7478)
@@ -469,7 +469,7 @@
 }
 
 static unsigned char *scrbuf = NULL;
-static int scrbuflines = 0;
+static int scrbufsize = 0;
 
 /*
  * Draw the screen, for normal usage.
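Review bot: `scrbufsize` at the top of this hunk has no comment saying it is now a byte count (lines times width) rather than a line count, and it remains a plain `int`. A one-line comment on the unit, and `size_t` to match the type realloc takes, would make the new invariant explicit.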
@@ -484,16 +484,15 @@
     char *linebuf;
 
     scrlines = display_rows - 2;
-    if (scrlines > scrbuflines) {
-       scrbuf = (scrbuf ?
-                 realloc(scrbuf, scrlines*width) :
-                 malloc(scrlines*width));
+    scrsize = scrlines * width;
+    if (scrsize > scrbufsize) {
+       scrbuf = (scrbuf ? realloc(scrbuf, scrsize) : malloc(scrsize));
        if (!scrbuf) {
            done();
            fprintf(stderr, "%s: out of memory!\n", pname);
            exit (2);
        }
-       scrbuflines = scrlines;
+       scrbufsize = scrsize;
     }
 
     linebuf = malloc(width*4+20);
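Review bot: `scrsize = scrlines * width;` is an int multiplication with no range check visible in this hunk, and the result goes straight to realloc. Since the width is changed at runtime with "^X w", reject or clamp values where the product overflows or is not positive before allocating. As a style point, the `scrbuf ? realloc(...) : malloc(...)` ternary can be a single realloc call, because realloc(NULL, n) behaves like malloc(n).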
@@ -509,7 +508,8 @@
        scroff = width - offset;
     else
        scroff = 0;
-    scrsize = scrlines * width - scroff;
+
+    scrsize -= scroff;
     if (scrsize > file_size - top_pos)
        scrsize = file_size - top_pos;
 
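Review bot: `scrsize -= scroff;` relies on scrsize still holding scrlines * width from the allocation check in the previous hunk, so one variable now means first "bytes the buffer must hold" and then "bytes to display". A comment at this line, or a separate variable for the required capacity, would keep a later edit between the two points from silently breaking the calculation.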
[0 [EMAIL PROTECTED] ~]$ 

I'll try to apply this patch shortly and see if it clears up the
problem.  I'm still disturbed that it doesn't get triggered as a
non-privileged user currently, though.  Does that mean silent
corruption possibly if there's bad pointer arithmetic?  Have you been
able to reproduce the error as a non-privileged user?

Also interestingly, I can't reproduce this hard failure on a simple
backport to etch, whether as superuser or not.

Thanks again for the report.  I hope to get this wrapped up shortly.

     --dkg
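
The bookkeeping error named in the r7478 commit message, as an added example that is not part of the original message or of tweak's source: a growth check that remembers only the line count never reallocates when the width alone increases, while one that remembers the byte size does. The struct, the function names and the sizes (32 lines, width 16 widened to 25) are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a redraw buffer; names are not taken from tweak. */
struct scrbuf {
    unsigned char *data;
    size_t cap;     /* bytes actually allocated */
    size_t tracked; /* value the growth check compares against */
};

static int resize(struct scrbuf *b, size_t bytes, size_t tracked)
{
    unsigned char *p = realloc(b->data, bytes);
    if (!p) return -1;
    b->data = p; b->cap = bytes; b->tracked = tracked;
    return 0;
}

/* Pre-fix bookkeeping: only the line count is remembered. */
static int grow_by_lines(struct scrbuf *b, size_t lines, size_t width)
{
    return lines > b->tracked ? resize(b, lines * width, lines) : 0;
}

/* Post-fix bookkeeping: the byte size is remembered, with an overflow check. */
static int grow_by_size(struct scrbuf *b, size_t lines, size_t width)
{
    if (width && lines > (size_t)-1 / width) return -1;
    return lines * width > b->tracked ? resize(b, lines * width, lines * width) : 0;
}

/* Bytes a full redraw would write past the allocation after widening w0 -> w1. */
static size_t overrun_after_widen(int (*grow)(struct scrbuf *, size_t, size_t),
                                  size_t lines, size_t w0, size_t w1)
{
    struct scrbuf b = {0};
    size_t need = lines * w1, over;
    if (grow(&b, lines, w0) || grow(&b, lines, w1)) { free(b.data); return (size_t)-1; }
    over = need > b.cap ? need - b.cap : 0;
    free(b.data);
    return over;
}

int main(void)
{
    /* Constructed sizes: 32 display lines, width widened from 16 to 25. */
    printf("by lines: %zu bytes over\n", overrun_after_widen(grow_by_lines, 32, 16, 25));
    printf("by size:  %zu bytes over\n", overrun_after_widen(grow_by_size, 32, 16, 25));
    return 0;
}
```

The model only counts the bytes that would land past the allocation; it never performs the out-of-bounds write.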
