nano-devel

Re: [Nano-devel] Crash report - segfault reproduceable


From: David Lawrence Ramsey
Subject: Re: [Nano-devel] Crash report - segfault reproduceable
Date: Thu, 02 Feb 2006 19:50:28 -0500
User-agent: Thunderbird 1.5 (X11/20051201)

Mike Frysinger wrote:
> On Thursday 02 February 2006 18:02, David Lawrence Ramsey wrote:
>> No problem.  Would you try getting the latest CVS, applying the
>> following patch, running nano WITHOUT the -O/--morespace option (as
>> the debugging output is on the line that that option makes part of
>> the edit window) so that it crashes, and telling me what results are
>> shown during the entire session?  Thanks in advance.
>
> well if i use a terminal size of 81x24 it crashes at startup:
> line 1: allocated 83 bytes, index == 88, converted length == 89

I can reproduce this now.  I've been using UTF-8 mode exclusively for
a while now, and the size of MB_CUR_MAX apparently provides enough of a
buffer that the buffer overflow in display_string() that you're seeing
doesn't happen.  Current CVS allocates COLS characters per line, and the
extra tab on the end overflows it, so adding room for tabsize
characters, as in the attached patch, should fix it.  Please let me know
if it does (and please apply it on top of the other patch so that I can
be sure).

Note that this doesn't fix the problem with the "coretest" file, so it's
most likely a separate problem.

> also, it'd be easier to capture the output if that statement wrote to
> stderr ...

True, but it'd be harder to see what was onscreen, which is why I did it
that way.  If the attached patch doesn't work, I'll make a new version
of the other patch.

diff -ur nano/src/winio.c nano-fixed/src/winio.c
--- nano/src/winio.c    2006-01-30 16:23:51.000000000 -0500
+++ nano-fixed/src/winio.c      2006-02-02 19:35:09.000000000 -0500
@@ -1809,7 +1809,7 @@
     assert(column <= start_col);
 
     /* Allocate enough space for the entire line. */
-    alloc_len = (mb_cur_max() * (COLS + 1));
+    alloc_len = (mb_cur_max() * (COLS + tabsize + 1));
 
     converted = charalloc(alloc_len + 1);
     index = 0;
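
Review bot: The comment above the changed alloc_len line still reads "Allocate enough space for the entire line." and does not say why tabsize is part of the size. Suggest rewording it to state that a tab starting in the last column can expand past COLS by up to tabsize cells, so the next reader does not trim the term back out. The sizing arithmetic is also the only protection visible in this hunk; an assert that index stays within alloc_len where converted is filled would turn any case the arithmetic still misses into a clean failure instead of a heap overwrite.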

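The sizing problem described in the message above, as an added example that is not part of the original message and is not nano's code: a simplified single-byte model (mb_cur_max() assumed to be 1) of expanding a tab that starts in the last column, with a bounds check in place of the out-of-bounds write. The names expand_tabs and try_sizing and the sample line are constructed for illustration; with 81 columns and a tab size of 8 the model reaches index 88 against an 83-byte buffer, the same figures as in the quoted debug line.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of tab expansion into a display buffer.  Characters
 * are converted while the column is still inside the window, so a tab in
 * the last column still runs to the next tab stop.  Requires tabsize > 0.
 * Returns the final index, or -1 if a write would not fit in dst_size. */
long expand_tabs(const char *src, size_t cols, size_t tabsize,
                 char *dst, size_t dst_size)
{
    size_t index = 0;
    for (; *src != '\0' && index < cols; src++) {
        size_t stop = (*src == '\t') ? index + tabsize - index % tabsize
                                     : index + 1;
        while (index < stop) {
            if (index + 1 >= dst_size)
                return -1;              /* refuse instead of overflowing */
            dst[index++] = (*src == '\t') ? ' ' : *src;
        }
    }
    dst[index] = '\0';
    return (long)index;
}

/* Constructed input: (cols - 1) letters, then one tab in the last column.
 * extra is the slack added to cols: 0 before the patch, tabsize after. */
long try_sizing(size_t cols, size_t tabsize, size_t extra)
{
    size_t alloc_len = cols + extra + 1;    /* mb_cur_max() taken as 1 */
    char *line = malloc(cols + 1);
    char *dst = malloc(alloc_len + 1);
    long result = -2;                       /* -2: allocation failed */

    if (line != NULL && dst != NULL) {
        memset(line, 'x', cols - 1);
        line[cols - 1] = '\t';
        line[cols] = '\0';
        result = expand_tabs(line, cols, tabsize, dst, alloc_len + 1);
    }
    free(line);
    free(dst);
    return result;
}

int main(void)
{
    printf("COLS + 1: %ld, COLS + tabsize + 1: %ld\n",
           try_sizing(81, 8, 0), try_sizing(81, 8, 8));
    return 0;
}
```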