* acme fault read on incorrect dump file
From: bdhpfl @ 2014-12-09 0:45 UTC
To: 9front
Acme generated a dump file, loading it later made it crash. This file
reproduces the crash:
term% cat bug.dump
/
/lib/font/bit/vga/unicode.font
/lib/font/bit/vga/unicode.font
0 44
F 0 4 0 0 56 0
6 19 0 0 0 Look
term%
/sys/src/cmd/acme/rows.c:652,656
	for(; n<nr; n++)
		if(r[n] == '|')
			break;
	wincleartag(w);
	textinsert(&w->tag, w->tag.file->nc, r+n+1, nr-(n+1), TRUE);
If rowload() doesn't find a '|' in a row in the dump file,
then n == nr, so textinsert() gets called with (uint)-1 as string
length, and at the end of the call chain memmove() does a fault read.
Fix: when n >= nr, either do n = nr-1 or goto Rescue2. I couldn't
make acme reproduce the incorrect Dump yet.
paperwing
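
The length wrap described in the message above, next to a checked variant, as an added example in portable C (not code from acme or from the original post). The helper names, the scan starting at index 0, and the two sample tags are assumptions made for illustration.

```c
#include <stdio.h>

typedef unsigned int Rune;	/* stand-in for Plan 9's Rune */

/* Constructed sample tags: one without '|', one with it. */
static const Rune bad[] = {'L','o','o','k'};
static const Rune good[] = {'D','e','l',' ','|',' ','L','o','o','k'};

/* Index of the first '|' in r[0..nr), or nr when there is none. */
static unsigned int
findbar(const Rune *r, unsigned int nr)
{
	unsigned int n;

	for(n = 0; n < nr; n++)
		if(r[n] == '|')
			break;
	return n;
}

/* The length expression from the quoted call, with no check:
 * when no '|' exists, n == nr and nr-(n+1) wraps to (unsigned)-1. */
unsigned int
taillen_unchecked(const Rune *r, unsigned int nr)
{
	return nr - (findbar(r, nr) + 1);
}

/* Checked variant: 0 and *tail, *len set when a '|' exists,
 * -1 otherwise so the caller can take its error path. */
int
tagtail(const Rune *r, unsigned int nr, const Rune **tail, unsigned int *len)
{
	unsigned int n = findbar(r, nr);

	if(n >= nr)
		return -1;
	*tail = r + n + 1;
	*len = nr - (n + 1);
	return 0;
}

int
main(void)
{
	printf("unchecked length, no '|': %u\n", taillen_unchecked(bad, 4));
	return 0;
}
```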