| Summary: | vi: recursion of do_cmd leads to easy crashes | ||
|---|---|---|---|
| Product: | Busybox | Reporter: | Ian Wienand <ianw> |
| Component: | Other | Assignee: | unassigned |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | busybox-cvs, tanguy.pruvot |
| Priority: | P5 | ||
| Version: | 1.19.x | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
Fixed in git: commit 12e154f0cf4dba7bc508356649f8d57ec1dbef37 Author: Denys Vlasenko <vda.linux@googlemail.com> Date: Fri Sep 9 12:35:49 2011 +0200 vi: prevent unlimited recursion in do_cmd(). Closes 4153 |
If you simply type "123456j" then you'll crash busybox vi The problem is the blind recursion in do_cmd, where you recurse without bound based on 'cmdcnt' --- case 10: // Newline ^J case 'j': // j- goto next line, same col case KEYCODE_DOWN: // cursor key Down if (--cmdcnt > 0) { do_cmd(c); } dot_next(); // go to next B-o-l dot = move_to_col(dot, ccol + offset); // try stay in same col break; --- several commands seem to follow this idiom and thus have the same issue.