pac - core dumps and oddities (with fixes)
Guy Harris
guy at auspex.auspex.com
Sat Aug 11 11:40:22 AEST 1990
>Ugh, "if in doubt, read the instructions ...". I'm confused then, because it
>certainly breaks on our Sun3/SunOS 4.0.3 systems, whereas it works on our
>Sun4/SunOS 4.0.3 and Sun4/SunOS 4.1 systems (with both gcc and cc).
Well, "seems to work, or at least didn't obviously blow up", or maybe
"lucked into working", is the more correct phrase, rather than "works".
There's a buffer in "pac" that's one byte (at least) too small, so some
poor innocent variable gets stomped. In the Sun-3 case, it happened, by
a bad stroke of luck, to be "_pfast", which is a variable internal to
"curses"; this caused it to get quite confused. It was something else
in the Sun-4 binary; smashing that may have been harmless, or may not
have. It might be something else yet again on another system....
The moral of the story: "array bounds checking can be your friend". We
had Saber-C here at one point, but I don't know if we still have it;
running this puppy under Saber might well have found this bug. (The
other moral of the story: "Remember, an N-character string in C takes up
N+1 bytes....")
>>Nope. Instant core dump with those compilers - ANSI or non-ANSI - that
>>put constant strings into read-only portions of the address space.
>
>Yes, okay, I admit it, I was exaggerating and knew it. I just think it's a
>bad idea to write into string constants when it's invariably as easy to use
>initialised arrays, and it does blow up with some compilers with some options.
I think it's a bad idea too, but if somebody's in a hurry to get
something working, some ANSI compilers that normally put strings in
read-only memory can be coaxed into not doing so....
In any case, here's the fix:
*** defs.h.dist Fri Aug 10 10:17:47 1990
--- defs.h Fri Aug 10 18:19:17 1990
***************
*** 193,199 ****
char Rebuf[PIPEMAX]; /* work buffers */
char Tmpbuf[PIPEMAX];
char Mop[PIPEMAX];
! char Uwin_copy[(UBOT - UTOP + 1) * (URIGHT - ULEFT + 1)];
int Context = INIT; /* initial status values */
int Justify = JUS_DFLT;
--- 193,199 ----
char Rebuf[PIPEMAX]; /* work buffers */
char Tmpbuf[PIPEMAX];
char Mop[PIPEMAX];
! char Uwin_copy[(UBOT - UTOP + 1) * (URIGHT - ULEFT + 1) + 1];
int Context = INIT; /* initial status values */
int Justify = JUS_DFLT;
More information about the Comp.sources.bugs
mailing list