Xref: utzoo comp.bugs.sys5:332 comp.bugs.4bsd:702
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!agate!pasteur!ames!hao!gatech!hubcap!ncrcae!sauron!wescott
From: wescott@sauron.Columbia.NCR.COM (Mike Wescott)
Newsgroups: comp.bugs.sys5,comp.bugs.4bsd
Subject: VI bug
Message-ID: <1027@sauron.Columbia.NCR.COM>
Date: 18 Feb 88 21:46:57 GMT
Reply-To: wescott@sauron.Columbia.NCR.COM (Mike Wescott)
Organization: Entry Level Systems Development, NCR Corp., Columbia, SC
Lines: 22

In a number of places in its source, vi uses isdigit() (see ctype(3)) to
check a character (encoded in an int or short) it just received. No problem,
except that occasionally, like just after a SIGINT, the character to be
checked is -2. This causes a memory fault and core dump if _ctype[-1] is not
valid memory; and may cause unexpected results if the same byte somehow gets
a value that makes isdigit() true. There may be other isxxxx() calls that
have similar problems.

I don't have a fix yet. We only discovered it while playing with a shared
library version of ctype. And there is little probability it will affect
anybody running a stable version of vi. But if you have seen strange behavior
when the interrupt key is pressed you might look into this as the culprit.

Did isdigit() once have range checking built in? Or was it a version called
_isdigit()?

--
-Mike Wescott wescott@ncrcae.Columbia.NCR.COM
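
The failure described in the post above, as an added example that is not part of the original post or of vi's source. It assumes the classic table-lookup form `(_ctype + 1)[c]`, which is what makes an input of -2 land on `_ctype[-1]`; the table `toy_ctype` and the functions `toy_slot`, `toy_slot_valid` and `checked_isdigit` are hypothetical names, and the table is a constructed stand-in for the real one.

```c
#include <limits.h>
#include <stdio.h>

#define TOY_N 04                     /* "digit" bit, constructed for this example */
#define TOY_SIZE (UCHAR_MAX + 2)     /* slot 0 is EOF (-1), slots 1..256 are chars */

/* Constructed stand-in for a _ctype-style table; only digits are marked. */
static const unsigned char toy_ctype[TOY_SIZE] = {
    ['0' + 1] = TOY_N, ['1' + 1] = TOY_N, ['2' + 1] = TOY_N, ['3' + 1] = TOY_N,
    ['4' + 1] = TOY_N, ['5' + 1] = TOY_N, ['6' + 1] = TOY_N, ['7' + 1] = TOY_N,
    ['8' + 1] = TOY_N, ['9' + 1] = TOY_N,
};

/* Slot that an unchecked (table + 1)[c] lookup would read for input c. */
static int toy_slot(int c) { return c + 1; }

/* 1 if c is in EOF..UCHAR_MAX, i.e. the lookup stays inside the table. */
static int toy_slot_valid(int c)
{
    return c >= -1 && c <= UCHAR_MAX;
}

/* Range-checked classifier: anything outside EOF..UCHAR_MAX is "not a digit"
 * and the table is never touched for it. */
static int checked_isdigit(int c)
{
    if (!toy_slot_valid(c))
        return 0;
    return (toy_ctype[toy_slot(c)] & TOY_N) != 0;
}

int main(void)
{
    int samples[] = { '7', 'x', -1, -2, 300 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("c=%4d slot=%4d in_table=%d digit=%d\n", samples[i],
               toy_slot(samples[i]), toy_slot_valid(samples[i]),
               checked_isdigit(samples[i]));
    return 0;
}
```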