Cooked/Raw transition bug

[Richard Tobin]

There is a bug in kern/tty.c that leaves the ring buffers in a bogus
state when switching from cooked to raw mode. This is probably the
cause of the bash/more problems.

The following code is at about line 485 (indentation reduced!):

catb(&tp->t_raw, &tp->t_can);
tb = tp->t_raw;
tp->t_raw = tp->t_can;
tp->t_can = tb;

The intention appears to be to put the contents of the canonical buffer
at the front of the raw buffer. It does this by appending the raw buffer
to the canonical buffer, and then switching the buffers.

Unfortunately, a ringb structure contains head and tail pointers that
point into the buffer contained in the structure itself, so copying the
structures doesn't work. The pointers need to be adjusted.

To fix, replace the lines above with this:

catb(&tp->t_raw, &tp->t_can);

#define copy_rb(from,to) (to = from, \
to.rb_hd = to.rb_buf + (from.rb_hd-from.rb_buf), \
to.rb_tl = to.rb_buf + (from.rb_tl-from.rb_buf))

copy_rb(tp->t_raw, tb);
copy_rb(tp->t_can, tp->t_raw);
copy_rb(tb, tp->t_can);

In fact, since the call to catb empties the raw buffer, the following should
be adequate and saves some copying (though I haven't actually tried it):

catb(&tp->t_raw, &tp->t_can);

tp->t_raw = tp->t_can;
tp->t_raw.rb_hd = tp->t_raw.rb_buf + (tp->t_can.rb_hd - tp->t_can.rb_buf);
tp->t_raw.rb_tl = tp->t_raw.rb_buf + (tp->t_can.rb_tl - tp->t_can.rb_buf);

initrb(&tp->t_can);

-- Richard
--
Richard Tobin,
AI Applications Institute, R.T...@ed.ac.uk
Edinburgh University.