On Fri, Nov 20, 2015 at 10:52:28AM -0200, Marc Collin wrote:
> Hello, I want to report a segfault when using st.
>
> Steps to reproduce:
> 1) open st
> 2) "vim file"
> 3) Press "Enter"
>
> Around 30% of the time this results in a crash.
> Here's the message st gives:
>
> erresc: unknown sequence ES
On Sat, Nov 21, 2015 at 06:57:30AM -0500, Greg Reagle wrote:
> On Sat, Nov 21, 2015 at 11:08:08AM +0100, Martti Kühne wrote:
> > What makes you think this is an overflow?
>
> Because the segmentation fault occurs when ptr goes past the end of buf.
But you're right that buflen becomes a negative n
On Sat, Nov 21, 2015 at 11:08:08AM +0100, Martti Kühne wrote:
> What makes you think this is an overflow?
Because the segmentation fault occurs when ptr goes past the end of buf.
On Fri, Nov 20, 2015 at 9:00 PM, Greg Reagle wrote:
> That's right--buf is accessed without bounds being checked. The problem is in
> ttyread() in the while loop, buf gets overflowed, i.e. ptr - buf exceeds
> BUFSIZ (8192). Haven't figured out how to remedy the problem (yet).
>
>
What makes you thin
That's right--buf is accessed without bounds being checked. The problem is in
ttyread() in the while loop, buf gets overflowed, i.e. ptr - buf exceeds
BUFSIZ (8192). Haven't figured out how to remedy the problem (yet).
On 11/20/2015 01:16 PM, Martti Kühne wrote:
I can generally reproduce this reli
I can generally reproduce this reliably using
$ st -e cat /dev/urandom
In what way the underflow of buflen is caused though, I have not yet
been able to determine.
One aspect of the problem is definitely that buflen is generally never
range-checked.
cheers!
mar77i
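The missing range check on buflen discussed in the messages above, as an added example that is not part of the thread and is not st's code. The names drain and toy_decode are hypothetical, and the decoder that reports a length longer than the bytes remaining is an assumption for illustration; the thread does not establish what causes the underflow.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical decoder (not st's): returns the sequence length announced by
 * the UTF-8 lead byte without checking that all of it is in the buffer. */
static int toy_decode(const unsigned char *p)
{
	if (*p < 0x80) return 1;
	if ((*p & 0xE0) == 0xC0) return 2;
	if ((*p & 0xF0) == 0xE0) return 3;
	if ((*p & 0xF8) == 0xF0) return 4;
	return 1; /* invalid lead byte: consume it alone */
}

/* Consume complete characters from buf[0..buflen) and move any leftover
 * bytes to the front for the next read. Returns the new buflen.
 * checked == 0 shows the arithmetic with no range check. */
int drain(unsigned char *buf, int buflen, int checked)
{
	int off = 0, n;

	while (buflen > 0) {
		n = toy_decode(buf + off);
		if (checked && n > buflen)
			break; /* incomplete sequence: keep it for the next read */
		off += n;
		buflen -= n;
	}
	if (buflen < 0)
		return buflen; /* as a memmove length or read offset this is out of bounds */
	memmove(buf, buf + off, (size_t)buflen);
	return buflen;
}

int main(void)
{
	/* Constructed input: two ASCII bytes, then a truncated 3-byte sequence. */
	unsigned char a[8] = { 'a', 'b', 0xE2 };
	unsigned char b[8] = { 'a', 'b', 0xE2 };

	printf("unchecked buflen: %d\n", drain(a, 3, 0));
	printf("checked buflen:   %d\n", drain(b, 3, 1));
	return 0;
}
```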
Hahaha.
I can clearly see this happen in the code in ttyread().
You don't even exist for this code.
cheers!
mar77i
Following up, the backtrace. I hope this helps. Let me know what else
I can do. Thanks.
erresc: unknown sequence ESC 0xFD '.'
./seg_wrapper.sh: line 3: 2870 Segmentation fault (core dumped) "$@"
Reading symbols from st...done.
[New LWP 2870]
warning: Can't read pathname for load map: No err
v4hn - sorry. My terminfo is version 6.0. My kernel has the grsec
patch. I'll try to see if I can get a backtrace as you request.
Martti - my vimrc is simple.
set nocompatible, set bs=2, set history=50, set ruler and set
nomodeline. That's all I have.
On Fri, Nov 20, 2015 at 11:20 AM, Martti K
On Fri, Nov 20, 2015 at 2:09 PM, Marc Collin wrote:
> I am using the grsec kernel, for better security. Maybe st doesn't
> play well with that?
> Just tested on a clean st and it segfaults too.
>
I'm not familiar with the details of grsecurity, but it's definitely
not about parsing escape sequenc
I am using the grsec kernel, for better security. Maybe st doesn't
play well with that?
Just tested on a clean st and it segfaults too.
On Fri, Nov 20, 2015 at 11:03 AM, FRIGN wrote:
> On Fri, 20 Nov 2015 10:52:28 -0200
> Marc Collin wrote:
>
> Hey Marc,
>
>> Hello, I want to report a segfault w
On Fri, 20 Nov 2015 10:52:28 -0200
Marc Collin wrote:
Hey Marc,
> Hello, I want to report a segfault when using st.
I can't reproduce it here. What system are you
running, any memory guards?
Does it happen with a "clean" st (delete config.h,
recompile)?
Cheers
FRIGN
--
FRIGN
Hello, I want to report a segfault when using st.
Steps to reproduce:
1) open st
2) "vim file"
3) Press "Enter"
Around 30% of the time this results in a crash.
Here's the message st gives:
erresc: unknown sequence ESC 0xFD '.'
Segmentation fault
I am using the latest st from the git repo.
If any