fork of 9front i guess
Find a file
cinap_lenrek afa5800b5b acme: fix suicide *and* resource leak in ecmd.c (thanks igor)
To reproduce the suicide try running the following in acme:

• 'Edit B <ls lib'

by select and middle clicking in a window that is in your $home.

There is a very high chance acme will commit suicide like this:

<snip>
cpu% broke
echo kill>/proc/333310/ctl # acme
cpu% acid 333310
/proc/333310/text:amd64 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/amd64
acid: lstk()
edittext(nr=0x31,q=0x0,r=0x45aa10)+0x8 /sys/src/cmd/acme/ecmd.c:135
xfidwrite(x=0x461230)+0x28a /sys/src/cmd/acme/xfid.c:479
        w=0x0
        qid=0x5
        fc=0x461390
        t=0x1
        nr=0x100000031
        r=0x45aa10
        eval=0x3100000000
        a=0x405621
        nb=0x500000001
        err=0x419310
        q0=0x100000000
        tq0=0x80
        tq1=0x8000000000
        buf=0x41e8d800000000
xfidctl(arg=0x461230)+0x35 /sys/src/cmd/acme/xfid.c:52
        x=0x461230
launcheramd64(arg=0x461230,f=0x22357e)+0x10 /sys/src/libthread/amd64.c:11
0xfefefefefefefefe ?file?:0
</snap>

The suicide issue is caused by the following chain of events:

• /sys/src/cmd/acme/ecmd.c:/^edittext is called at
/sys/src/cmd/acme/xfid.c:479 passing nil as its first parameter:

<snip>
...
        case QWeditout:
                r = fullrunewrite(x, &nr);
                if(w)
                        err = edittext(w, w->wrselrange.q1, r, nr);
                else
                        err = edittext(nil, 0, r, nr);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
</snap>

...and /sys/src/cmd/acme/ecmd.c:/^edittext dereferences the
first parameter that is *nil* at the first statement:

<snip>
char*
edittext(Window *w, int q, Rune *r, int nr)
{
        File *f;

        f = w->body.file;
^^^^^^^^^^^^^^^^^^^^^
This will crash if 'w' is *nil*

        switch(editing){
...
</snap>

Moving the the derefernce of 'w' into the case where it is
needed (see above patch) fixes the suicude.

The memory leak is fixed in /sys/src/cmd/acme/ecmd.c:/^filelist.  The
current implementation of filelist(...) breaks its contract with its
caller, thereby leading to a memory leak in /sys/src/cmd/acme/ecmd.c:/^B_cmd
and /sys/src/cmd/acme/ecmd.c:/^D_cmd.

The contract /sys/src/cmd/acme/ecmd.c:/^filelist seems to have with
its callers is that in case of success it fills up a 'collection' that
callers can then clear with a call to clearcollection(...).

The fix above honours this contract and thereby removes the leak.

After you apply the patch the following two tests should succeed:

• Execute by select and middle click in a Tag:
        'Edit B lib/profile'

• Execute by select and middle click in a Tag:
        'Edit B <ls lib'

The former lead to a resource leak that is now fixed.

The latter lead to a suicide that is now fixed by moving the statement
that dereferences the parameter to the location where it is needed,
which is not the path used in the case of 'Edit B <ls'.

Cheers,
Igor
2021-04-02 15:51:15 +02:00
386 ape: sync flaot.h macros with u.h 2021-02-08 15:45:11 -08:00
68000 add signed fixed size integer typedefs 2018-05-12 19:19:52 +02:00
68020 ape: sync flaot.h macros with u.h 2021-02-08 15:45:11 -08:00
acme win: fix window recreation command 2020-09-16 12:41:24 +02:00
adm/timezone timezones: change DST timezone string for South Australia 2019-11-20 11:49:16 +10:30
amd64 ape: unify math.h copies 2021-01-01 21:40:00 -08:00
arm ape: sync flaot.h macros with u.h 2021-02-08 15:45:11 -08:00
arm64 ape: sync flaot.h macros with u.h 2021-02-08 15:45:11 -08:00
lib legal: mit neuer lizenz: mit 2021-03-23 16:33:32 -07:00
mips ape: sync flaot.h macros with u.h 2021-02-08 15:45:11 -08:00
power ape: sync flaot.h macros with u.h 2021-02-08 15:45:11 -08:00
power64 add signed fixed size integer typedefs 2018-05-12 19:19:52 +02:00
rc B, Bfn: fix invocation with multiple files, improve manual page 2021-02-27 19:35:06 +01:00
sparc ape: sync flaot.h macros with u.h 2021-02-08 15:45:11 -08:00
sparc64 ape: sync flaot.h macros with u.h 2021-02-08 15:45:11 -08:00
spim add signed fixed size integer typedefs 2018-05-12 19:19:52 +02:00
sys acme: fix suicide *and* resource leak in ecmd.c (thanks igor) 2021-04-02 15:51:15 +02:00
.hgignore hgignore: ignore section 9 manpage indices, ignore init, kernels and bootloader binaries 2020-03-07 12:28:49 +01:00