On Tue, Oct 30, 2012 at 10:17:12PM +0100, Otto Moerbeek wrote:
> On Tue, Oct 30, 2012 at 08:59:27PM +0100, Juan Francisco Cantero Hurtado wrote:
>
> > On Tue, Oct 30, 2012 at 09:31:58AM +0100, Otto Moerbeek wrote:
> > > On Mon, Oct 29, 2012 at 06:43:13PM +0100, Juan Francisco Cantero Hurtado wrote:
> > >
> > > > Chris Cappuccio sent me a mail saying he can't see the characters, only
> > > > a question mark.
> > > >
> > > > I'm linking each character to its Wikipedia page, so you can
> > > > copy-paste the character.
> > > >
> > > > On Thu, Oct 25, 2012 at 05:07:34AM +0200, Juan Francisco Cantero Hurtado wrote:
> > > > > This afternoon I was downloading a tarball from an OpenBSD mirror. I
> > > > > pressed the key "º" and then the tab key. ftp crashed with a segfault.
> > >
> > > Please also include your environment settings. It is likely locale
> > > plays a role here.
> > >
> > > At least env | grep LC
> > >
> >
> > I've tried the bug on amd64 without locales and also with
> > LC_TIME="es_ES.ISO8859-1" LC_CTYPE="en_US.UTF-8".
> >
> > The i386 system was a clean installation in a virtual machine.
>
> I can now reproduce using a terminal that accepts more than just low ASCII.
>
> What I see is that when complete() is called the cursor position in
> the EditLine struct is not what it is supposed to be: it points a
> couple of bytes beyond the terminating NUL while it is supposed to
> point to the NUL. That causes confusion in the scanner, getting the
> argument list count wrong.

Ehh, the buffer is not NUL terminated, but the observation still holds: the
cursor position is a couple of bytes further than it should be.

>
> The root of the problem seems to be inside the editline lib.
>
> Cc:ing nicm@, maybe he has a clue
>
> 	-Otto
>
> > > > >
> > > > https://en.wikipedia.org/wiki/%C2%BA
> > > > >
> > > > > Steps to reproduce:
> > > > > # ftp ftp.fr.openbsd.org
> > > > > user and password
> > > > > ascii art
> > > > > ftp> cd pub/Openº <- Here press the tab key
> > > > https://en.wikipedia.org/wiki/%C2%BA
> > > > > segmentation fault (core dumped) ftp ftp.fr.openbsd.org
> > > > >
> > > > > It also crashes with the letters "Á" and "Ñ".
> > > > https://en.wikipedia.org/wiki/%C3%81
> > > > https://en.wikipedia.org/wiki/%C3%91
> > > > >
> > > > > Tested in:
> > > > > - A snapshot from yesterday. i386. root account. console/ksh without
> > > > >   locales.
> > > > > - A snapshot from a few days ago. amd64. user. urxvt/zsh with utf8
> > > > >   locales.
> > > > >
> > > > > I also tested the bug in a remote session with OpenBSD 4.7 and ftp works
> > > > > without problems.
> > > > >
> > > > > I've updated the code of usr.bin/ftp to 2012-10-01 and 2012-01-01 and
> > > > > tried both versions. ftp also crashes.
> > > > >
> > > > > Backtrace:
> > > > > Thread 1 (process 3436):
> > > > > #0  memcpy (dst0=0x9d4160, src0=Variable "src0" is not available.
> > > > > ) at /usr/src/lib/libc/string/bcopy.c:115
> > > > > #1  0x000000000040432b in complete (el=Variable "el" is not available.
> > > > > ) at /usr/src/usr.bin/ftp/complete.c:313
> > > > > #2  0x000000000041eb84 in el_wgets (el=0x20da64800,
> > > > >     nread=0x7f7ffffe3ebc) at read.c:612
> > > > > #3  0x000000000041ef8d in el_gets (el=0x20da64800, nread=Variable
> > > > >     "nread" is not available.
> > > > > ) at eln.c:78
> > > > > #4  0x000000000040e55f in cmdscanner (top=Variable "top" is not
> > > > >     available.
> > > > > ) at /usr/src/usr.bin/ftp/main.c:465
> > > > > #5  0x000000000040eb7c in main (argc=1, argv=0x7f7ffffe4398) at
> > > > >     /usr/src/usr.bin/ftp/main.c:369
> > > > >
> > > > > Let me know if more info is necessary, or whatever :)
> > > > >
> > > > > Cheers.
> > > > >
> > > >
> >
> > --
> > Juan Francisco Cantero Hurtado   http://juanfra.info
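The failure mode in the thread is a completion routine handing memcpy() a length derived from a cursor that lies past the end of a buffer which is not NUL terminated. As an added example (not ftp's or editline's code; the names word_start and word_at_cursor are assumed), here is a word-under-cursor extraction that trusts only the buffer length and rejects an out-of-range cursor instead of computing a bogus copy length:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Index where the word ending at cursor begins, or -1 if cursor is outside
 * [0, len]. buf need not be NUL terminated; only len is trusted. */
long
word_start(const char *buf, size_t len, size_t cursor)
{
	size_t start;

	/* A cursor past the end means the editor state is inconsistent
	 * (the situation in the report); refuse rather than read past buf. */
	if (buf == NULL || cursor > len)
		return -1;
	start = cursor;
	while (start > 0 && buf[start - 1] != ' ' && buf[start - 1] != '\t')
		start--;
	return (long)start;
}

/* Copy the word ending at cursor into out (NUL terminated, truncated to
 * outsz - 1 bytes). Returns the number of bytes copied, or -1 on bad input. */
long
word_at_cursor(const char *buf, size_t len, size_t cursor,
    char *out, size_t outsz)
{
	long start = word_start(buf, len, cursor);
	size_t n;

	if (start < 0 || out == NULL || outsz == 0)
		return -1;
	n = cursor - (size_t)start;
	if (n > outsz - 1)
		n = outsz - 1;		/* truncate instead of overflowing out */
	memcpy(out, buf + start, n);
	out[n] = '\0';
	return (long)n;
}

int
main(void)
{
	/* Constructed input: "cd pub/Open" plus U+00BA encoded as C2 BA,
	 * deliberately stored without a terminating NUL, as in the report. */
	const char line[13] = "cd pub/Open\xc2\xba";
	char word[64];
	size_t cur;

	/* cursor == len succeeds; a cursor two bytes past the end is rejected. */
	for (cur = 13; cur <= 15; cur++)
		printf("cursor=%zu -> %ld\n", cur,
		    word_at_cursor(line, sizeof line, cur, word, sizeof word));
	return 0;
}
```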