Bug 12561

Summary: busybox vi segfault when randomly deleting lines and undoing
Product: Busybox
Reporter: rainer.canavan+busybox
Component: Other
Assignee: unassigned
Status: NEW ---
Severity: normal
CC: busybox-cvs
Priority: P5
Version: 1.30.x
Target Milestone: ---
Hardware: PC
OS: Linux
Host:
Target:
Build:

Description rainer.canavan+busybox 2020-02-18 11:27:49 UTC
busybox vi reproducibly segfaults when "randomly" deleting lines and undoing those changes. Observed with busybox-static 1.27.2-2ubuntu7 on Ubuntu Disco and busybox-1.30.1-r3 on alpine

How to reproduce: File edited is 557 bytes and 25 lines of JSON

busybox vi <filename>

randomly input any of the following commands

7dd
k
j
dd
u

preferably such that the deleted sections overlap, but are not identical to those restored by a preceding undo

(gdb) bt full
#0  0x00000000004685b9 in __memmove_avx_unaligned_erms ()
No symbol table info available.
#1  0x0000000000583e17 in memmove (__len=<optimized out>, __src=0x5fe3e6, __dest=0x5fe443) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
No locals.
#2  text_hole_make (
    p=p@entry=0x5fe3e6 "71d6ef8\",\n    \"host\":  "..., size=93) at editors/vi.c:2488
        bias = 0
#3  0x0000000000586d0b in undo_pop () at editors/vi.c:2399
        repeat = <optimized out>
        u_start = 0x5fe3e6 "71d6ef8\",\n    \"host\": \"...
        u_end = <optimized out>
        undo_entry = 0x6018f0
        repeat = <optimized out>
        u_start = <optimized out>
        u_end = <optimized out>
        undo_entry = <optimized out>
#4  do_cmd (c=c@entry=117) at editors/vi.c:3697
        p = 0x5fe362 ' ' <repeats 69 times>
        q = 0x5fac48 ""
        save_dot = <optimized out>
        buf = '\000' <repeats 11 times>
        dir = <optimized out>
        cnt = <optimized out>
        i = <optimized out>
        j = <optimized out>
        c1 = <optimized out>
#5  0x0000000000588162 in edit_file (fn=<optimized out>) at editors/vi.c:880
        c = 117
        sig = <optimized out>
#6  0x00000000005882c2 in vi_main (argc=1, argv=0x7fffffffdbc8) at editors/vi.c:701
        c = <optimized out>
#7  0x000000000050f34e in run_applet_no_and_exit (applet_no=239, name=name@entry=0x7fffffffdf9e "vi", argv=argv@entry=0x7fffffffdbc0) at libbb/appletlib.c:916
        argc = 2
#8  0x000000000050f64f in run_applet_and_exit (name=0x7fffffffdf9e "vi", argv=argv@entry=0x7fffffffdbc0) at libbb/appletlib.c:934
        applet = <optimized out>
#9  0x000000000050f632 in busybox_main (argv=0x7fffffffdbc0) at libbb/appletlib.c:875
        a = <optimized out>
        col = <optimized out>
        output_width = <optimized out>
        len2 = <optimized out>
        i = <optimized out>
        a = <optimized out>
        v = <optimized out>
        use_symbolic_links = <optimized out>
        busybox = <optimized out>
#10 run_applet_and_exit (name=<optimized out>, argv=argv@entry=0x7fffffffdbb8) at libbb/appletlib.c:927
No locals.
#11 0x000000000050f6dd in main (argc=<optimized out>, argv=0x7fffffffdbb8) at libbb/appletlib.c:1032
No locals.
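A reproduction harness for the steps described above, added here and not part of the report or of BusyBox: it drives `busybox vi` through a pty with a seeded random mix of the five commands (7dd, k, j, dd, u) on a constructed 25-line JSON file and reports whether the process died with SIGSEGV. The sample file, function names and the 0.3 s settle delay are assumptions; the reporter's actual file is not on the page.

```python
import os, pty, random, select, shutil, signal, subprocess, tempfile, time

# The five normal-mode commands the report says to interleave at random.
COMMANDS = ["7dd", "k", "j", "dd", "u"]


def sample_json(lines=25):
    """Constructed 25-line JSON stand-in; the reporter's file is not on the page."""
    body = ",\n".join(f'    "key{i}": "value{i}"' for i in range(lines - 2))
    return "{\n" + body + "\n}\n"


def keystrokes(seed, count=60):
    """Seeded random command sequence, then :q! so vi exits without writing."""
    rng = random.Random(seed)
    return "".join(rng.choice(COMMANDS) for _ in range(count)) + ":q!\r"


def segfaulted(returncode):
    """Popen reports death by signal as a negative return code."""
    return returncode == -signal.SIGSEGV


def run_vi(keys, timeout=5.0):
    """Drive busybox vi on a temp copy of the sample; None if busybox is absent."""
    if shutil.which("busybox") is None:
        return None
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as f:
        f.write(sample_json())
        path = f.name
    master, slave = pty.openpty()
    proc = subprocess.Popen(["busybox", "vi", path], stdin=slave,
                            stdout=slave, stderr=slave, close_fds=True)
    os.close(slave)
    time.sleep(0.3)  # let vi put the pty into raw mode before typing (assumed enough)
    os.write(master, keys.encode())
    deadline = time.monotonic() + timeout
    while proc.poll() is None and time.monotonic() < deadline:
        if select.select([master], [], [], 0.1)[0]:
            try:
                os.read(master, 4096)  # drain screen output so vi never blocks
            except OSError:  # EIO once the child side of the pty is gone
                break
    if proc.poll() is None:
        proc.kill()
    proc.wait()
    os.close(master)
    os.unlink(path)
    return proc.returncode
```

Loop `run_vi(keystrokes(seed))` over a range of seeds and record any seed for which `segfaulted()` is true; the same seed then replays the exact command sequence under gdb.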