Re: [Help-nano] Segfaults in libc-2.19 w/ 2.9.2

From: Benno Schulenberg
Subject: Re: [Help-nano] Segfaults in libc-2.19 w/ 2.9.2
Date: Mon, 22 Jan 2018 11:25:44 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0

On 22-01-18 at 01:53, Andreas Schamanek wrote:
> I eventually managed to provoke another segfault. As Benno suggested, I tried to reproduce the exact same scenario, and it worked! It's that rare moment of great joy where for once you are actually glad the program crashes ;)
>
> I haven't yet recompiled nano with Brand Huntsman's patch; however, I was able to narrow the crash scenario down quite a bit (at least on my system) and wanted to share this already. Maybe the bug is apparent, anyway:
>
> 1) Make a backup of .nanorc: `mv .nanorc .nanorc.bak`
> 2) Create .nanorc with only `set trimblanks`, e.g. with
>
>     echo set trimblanks >~/.nanorc
>
> 3) Start nano without any options: `"nano"`

To reproduce, I needed to add the option: --fill=72.  (My terminal is wider
than 80 characters, and someone might have 'set nowrap' in /etc/nanorc.)

> 4) Type (copy-paste)
>
> 12345678901234567890123456789012345678901234567890123 x 1234567890123
>
> 5) Place cursor behind x (position 56) and type the following keys
>
>    1 2 3 space 4 5 6
>
> 6) When hitting space the text at the end of the line ("1234567890123")
> will wrap. When typing 5 the crash occurs,

Okay.  Can reproduce now!

I would write the recipe as follows, though:

  echo "set trimblanks" >> ~/.nanorc
  echo "1234567890123456789012345678901234567890123456789012 x  1234567890123" \
       > numbers

(Note the double space after the "x".)  Then run:

  src/nano  --fill=72  +1,56  numbers

Then type:  abc <Space> de

Result: Segmentation fault.

Note that when you type the <Space>, the cursor does not advance.  That is
obviously wrong.  Apparently the "trimblanks" eats the space that you have
just typed.  The typed "d" then disappears into the void, and the "e" then
is too much and crashes the program.

Attached patch fixes the problem.  I'm not sure it covers all cases, and
whether it is correct in all cases, but at least it avoids this fault.

(If you wish, please report the bug on Savannah.  If you don't want to
bother with signing up first, I can post the bug for you.)


Attachment: dont-eat-a-just-typed-space.patch
Description: Text Data
