Vulnerability Development mailing list archives

Red Hat Linux 6.2 - VIM 5.6


From: prrar () NITNET COM BR (Paulo Ribeiro)
Date: Wed, 12 Jul 2000 16:33:12 +0000


Hi, everyone.

Like Slackware Linux 7.0's elvis, Red Hat Linux 6.2's vi (vim) has the
HOME bug.

VIM - Vi IMproved 5.6 (2000 Jan 16, compiled Mar  7 2000 12:18:07)
Included patches: 1-3, 5-6, 10-11

[user@linux user]$ export HOME=`perl -e 'print "A" x 1024;'`
[user@linux user]$ vi ~/test
Vim: Caught deadly signal SEGV
Vim: Finished.
[user@linux user]$ export HOME=`perl -e 'print "A" x 1010;'`
Vim: Caught deadly signal SEGV
Vim: Double signal, exiting
Segmentation fault (core dumped)
[user@linux user]$ gdb vi core
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(no debugging symbols found)...
Core was generated by `vi AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libtermcap.so.2...(no debugging symbols found)...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
#0  chunk_free (ar_ptr=0x99e80871, p=0x4010f078) at malloc.c:3049
3049    malloc.c: No such file or directory.
(gdb) where
#0  chunk_free (ar_ptr=0x99e80871, p=0x4010f078) at malloc.c:3049
#1  0x40079fba in __libc_free (mem=0x4010f080) at malloc.c:3023
#2  0x806d070 in strcpy () at ../sysdeps/generic/strcpy.c:30
#3  0x8063ac0 in strcpy () at ../sysdeps/generic/strcpy.c:30
#4  0x8063239 in strcpy () at ../sysdeps/generic/strcpy.c:30
#5  0x8064408 in strcpy () at ../sysdeps/generic/strcpy.c:30
#6  0x8064459 in strcpy () at ../sysdeps/generic/strcpy.c:30
#7  0x807b4d4 in strcpy () at ../sysdeps/generic/strcpy.c:30
#8  0x8061dd5 in strcpy () at ../sysdeps/generic/strcpy.c:30
#9  0x807adac in strcpy () at ../sysdeps/generic/strcpy.c:30
#10 0x4003ec68 in __restore ()
    at ../sysdeps/unix/sysv/linux/i386/sigaction.c:127
#11 0x40079fba in __libc_free (mem=0x80aa710) at malloc.c:3023
#12 0x806d070 in strcpy () at ../sysdeps/generic/strcpy.c:30
#13 0x806328f in strcpy () at ../sysdeps/generic/strcpy.c:30
#14 0x8064408 in strcpy () at ../sysdeps/generic/strcpy.c:30
#15 0x8064495 in strcpy () at ../sysdeps/generic/strcpy.c:30
#16 0x806c24c in strcpy () at ../sysdeps/generic/strcpy.c:30
#17 0x807add4 in strcpy () at ../sysdeps/generic/strcpy.c:30
#18 0x4003ec68 in __restore ()
    at ../sysdeps/unix/sysv/linux/i386/sigaction.c:127
#19 0x400795ce in __libc_malloc (bytes=1022) at malloc.c:2696
#20 0x806cc93 in strcpy () at ../sysdeps/generic/strcpy.c:30
#21 0x806cbbe in strcpy () at ../sysdeps/generic/strcpy.c:30
#22 0x806cd45 in strcpy () at ../sysdeps/generic/strcpy.c:30
#23 0x806c1f6 in strcpy () at ../sysdeps/generic/strcpy.c:30
#24 0x8063e41 in strcpy () at ../sysdeps/generic/strcpy.c:30
#25 0x8063eb6 in strcpy () at ../sysdeps/generic/strcpy.c:30
#26 0x80631a3 in strcpy () at ../sysdeps/generic/strcpy.c:30
#27 0x806434a in strcpy () at ../sysdeps/generic/strcpy.c:30
#28 0x80643e6 in strcpy () at ../sysdeps/generic/strcpy.c:30
#29 0x805b10c in strcpy () at ../sysdeps/generic/strcpy.c:30
#30 0x80499c8 in strcpy () at ../sysdeps/generic/strcpy.c:30
#31 0x80618b0 in strcpy () at ../sysdeps/generic/strcpy.c:30
#32 0x400389cb in __libc_start_main (main=0x8060a60 <strcpy+94784>, argc=2,
    argv=0xbffff344, init=0x8049290 <_init>, fini=0x809024c <_fini>,
    rtld_fini=0x4000ae60 <_dl_fini>, stack_end=0xbffff33c)
    at ../sysdeps/generic/libc-start.c:92
(gdb) quit

Yours,
Paulo Ribeiro <prrar () nitnet com br>.
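
Added example, not part of the original post and not Vim's code: the post does not identify the faulty routine, so this sketches a "~" expansion that treats HOME as untrusted input and measures it before allocating. The helper name expand_tilde and the PATH_MAX cap are assumptions chosen for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* fallback when <limits.h> does not expose it */
#endif

/* Hypothetical helper (not Vim's code): expand a leading "~" or "~/" using
 * `home`. Returns a malloc'd string the caller frees, or NULL with errno set. */
char *expand_tilde(const char *home, const char *path)
{
    const char *prefix = "", *rest = path;

    if (path == NULL) { errno = EINVAL; return NULL; }

    /* Only "~" and "~/..." are expanded; "~user/..." is passed through. */
    if (path[0] == '~' && (path[1] == '/' || path[1] == '\0')) {
        /* HOME comes from the environment: refuse unset or relative values. */
        if (home == NULL || home[0] != '/') { errno = EINVAL; return NULL; }
        prefix = home;
        rest = path + 1;
    }

    /* Measure both parts first and cap the total before allocating. */
    size_t plen = strlen(prefix), rlen = strlen(rest);
    if (plen >= PATH_MAX || rlen >= PATH_MAX - plen) {
        errno = ENAMETOOLONG;
        return NULL;
    }

    /* Allocate exactly what is copied; no fixed-size buffer is involved. */
    char *out = malloc(plen + rlen + 1);
    if (out == NULL) return NULL;
    memcpy(out, prefix, plen);
    memcpy(out + plen, rest, rlen + 1);   /* includes the terminating NUL */
    return out;
}

int main(void)
{
    char *p = expand_tilde(getenv("HOME"), "~/test");
    if (p == NULL) { perror("expand_tilde"); return 1; }
    puts(p);
    free(p);
    return 0;
}
```

With HOME set to 1024 "A" characters as in the session above, this helper returns NULL with EINVAL because the value is not an absolute path.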

