Core dump in SCAME bug fix

H. Morrow Long [Systems Center] long at ittvax.UUCP
Thu Feb 28 10:34:21 AEST 1985 

Index:	scame/src/main.c

Description:
	If scame is started up with no file arguments (and gazonk
	doesn't exist) and a space is typed in (as the first character)
	or the user immediately selects overwrite mode and types in ANY
	character - scame will abort prematurely with the message
	"Segmentation Violation (Core Dumped)".

	This occurred on a Vax 11/780 running 4.2bsd.  The latest bug
	fixes posted to the net had been applied to the scame source.

	(For the technically inclined)
	------------------------------
	Debugging with adb showed the problem occurring in k_insertc()
	(called by editloop() <- called by main()) where *dot is tested
	to see if it is equal to '\n' (after this is a test which would
	be true, dot is equal to z in the beginning).  Alternatively,
	and also causing a core dump, if the character being inserted
	is not a space but overwrite mode is in effect we try to store
	cmdchar in *dot.  The problem is caused by the fact that SCAME
	does not really use malloc/free for memory allocation but sets
	dot, z and other pointer variable to the beginning of dynamic
	memory (via sbrk(0)) in main() and sbrk()'s additional memory
	if arithmetic on the various pointers warrants it when
	inserting characters (using incbuf() in scame0.c).
	Unfortunately no memory has been allocated in the described
	circumstances for dot (or z, etc) to point to yet.

Repeat-By:
	
	$ scame -r

	...type a space immediately


	or 

	$ scame -r
	^[^Xoverwrite

	....type any character


Fix:

% rcsdiff -c main.c
RCS file: RCS/main.c,v
retrieving revision 1.3
diff -c -r1.3 main.c
*** /tmp/,RCSt1012276	Wed Feb 27 19:31:06 1985
--- main.c	Wed Feb 27 19:30:49 1985
***************
*** 142,148
  #endif
    getwd(currentdir);
    free(malloc(0x80));		/* For getchar(). */
!   buf=sbrk(0);			/* Obtain the startaddress of the buffer */
    bufsize = 0;
    dot=home=z=otherdot=otherhome=gaps=gape=buf;
    away=NIL;

--- 142,151 -----
  #endif
    getwd(currentdir);
    free(malloc(0x80));		/* For getchar(). */
!   /*
!    * Make sure at least one byte gets allocated.
!    */
!   buf=sbrk(1);			/* Obtain the startaddress of the buffer */
    bufsize = 0;
    dot=home=z=otherdot=otherhome=gaps=gape=buf;
    away=NIL;
%
-- 

				H. Morrow Long
				ITT-ATC Systems Center,
				1 Research Drive Shelton, CT  06484
				Phone #: (203)-929-7341 x. 634
	
path = {allegra bunker ctcgrafx dcdvaxb dcdwest ucbvax!decvax duke eosp1
	ittral lbl-csam milford mit-eddie psuvax1 purdue qubix qumix 
	research sii supai tmmnet twg uf-cgrl wxlvax yale}!ittvax!long

More information about the Comp.sources.bugs mailing list