Bug in deleting rows.

[skx]

This is vanilla kilo, with only one patch:

 diff --git a/kilo.c b/kilo.c
 index 9490a77..207e297 100644
 --- a/kilo.c
 +++ b/kilo.c
 @@ -37,6 +37,7 @@
  #define _BSD_SOURCE
  #define _GNU_SOURCE

 +#include <time.h>
  #include <termios.h>
  #include <stdlib.h>

• Open the attached file rename it t.c beforehand, so that the syntax highlighting is enabled.
• Delete 10+ lines from the middle.
• Move to the bottom of the file.
• Delete a few rows.
• Segfault.

Backtrace shows that we die with bogus row values:

 Core was generated by `./kilo t.c'.
 Program terminated with signal SIGSEGV, Segmentation fault.
 #0  0x0000000000401462 in editorRowHasOpenComment (row=0x16c5e90) at kilo.c:361
 361 - 41    if (row->hl && row->rsize && row->hl[row->rsize-1] == HL_MLCOMMENT &&
 (gdb) bt
 #0  0x0000000000401462 in editorRowHasOpenComment (row=0x16c5e90) at kilo.c:361
 #1  0x00000000004015fd in editorUpdateSyntax (row=0x16c5620) at kilo.c:395
 #2  0x0000000000401da7 in editorUpdateRow (row=0x16c5620) at kilo.c:566
 #3  0x00000000004024e5 in editorRowAppendString (row=0x16c5620, 
     s=0x16c4a70 "", len=0) at kilo.c:668
 #4  0x00000000004028ea in editorDelChar () at kilo.c:750
 #5  0x0000000000403d6c in editorProcessKeypress (fd=0) at kilo.c:1197
 #6  0x0000000000403f5c in main (argc=2, argv=0x7fffaf038a38) at kilo.c:1270
 (gdb) p row->size
 $1 = 1819440195
 (gdb) p row->rsize
 $2 = 1025525293
 (gdb) 

Suspect, given the nature of the crash that editorRowDelChar, or editorDelRow are to blame. Either the memcpy is going wrong such that the size become pointers, or something else is corrupting them.

"Video" here for a clearer picture - https://asciinema.org/a/6ou2c1lmofuzedery5mjx7kf3

This is affecting my fork in a different way, but we'll keep that quiet.
t.c.txt

[1-p]

https://github.com/antirez/kilo/pull/20/commits

Take a look at this, it's fixed in this PR.

[skx]

Confirmed. This commit resolves this problem.

Cheers.