Re: [Nano-devel] 1.3.7 core dump

[David Lawrence Ramsey]

Nick Warne wrote:

<snip>

>If I then start nano, load a file, then goto a line number using
>Ctrl+Shift _ [type] # it will core dump.
>
>I could replicate this ever time with any file.  I then looked at the
>.configure options, so tried
>
>./configure --enable-nanorc --disable-mouse --disable-color
>-disable-nls --disable-utf8
>
>and it all works now without a core dump.
>
>I haven't any other boxes that produce the utf-8 warning at configure,
>so can't test as such.
>
>I briefly looked at the code, but can't really see what is going on
>here.

This is very odd.  I've only had two kinds of segfaults with nano
recently: (a) in display_string() due to a potential buffer overrun
(fixed in 1.3.7 by the attached patch), and (b) in _nc_screen_wrap()
inside ncurses 5.4 (which only seems to occur in UTF-8 mode).

1. Does the attached patch change anything?

2. If not, could you provide a gdb backtrace using the core file, so I
can see where nano's crashing?

3. Does this also happen with 1.3.8-cvs?

Thanks in advance.

diff -ur nano-1.3.7/src/winio.c nano-1.3.7-fixed/src/winio.c
--- nano-1.3.7/src/winio.c      2005-04-10 23:51:22.000000000 -0400
+++ nano-1.3.7-fixed/src/winio.c        2005-06-22 20:12:49.000000000 -0400
@@ -2253,9 +2253,9 @@
 
     assert(column <= start_col);
 
-    /* Allocate enough space for the entire line.  It should contain
-     * (len + 2) multibyte characters at most. */
-    alloc_len = mb_cur_max() * (len + 2);
+    /* Allocate enough space for the entire line, accounting for a
+     * trailing multibyte character and/or tab. */
+    alloc_len = (mb_cur_max() * (len + 1)) + tabsize;
 
     converted = charalloc(alloc_len + 1);
     index = 0;