Loading ...
Sorry, an error occurred while loading the content.
 

Re: 2html.vim causes Vim to crash with a SIGSEGV?!

Expand Messages
  • Peter Odding
    Hi list, After some more digging I isolated the cause of the crash and it has nothing to do with 2html.vim: Vim crashes while evaluating a corrupt regular
    Message 1 of 13 , Sep 4, 2010
      Hi list,

      After some more digging I isolated the cause of the crash and it has
      nothing to do with 2html.vim: Vim crashes while evaluating a corrupt
      regular expression generated by a bug in my publish.vim plug-in.

      I initially suspected this problem but thought I'd excluded it when Vim
      still crashed after I disabled the pattern's evaluation. I now think Vim
      still crashed because the 'hlsearch' option caused Vim to evaluate the
      last used search pattern stored in my ~/.viminfo file.

      The regex is a 77 KB monstrosity that's supposed to match a predefined
      set of strings in 2html.vim output and is complicated by the fact that
      it also matches strings with embedded HTML tags. The regex is corrupt
      because of a bug in my plug-in; I forgot to escape special characters
      like [.

      Even though the regex is corrupt (garbage in, garbage out) the crash
      might still point towards a real bug, which is why I'm attaching a
      script that demonstrates the crash. When I execute the script with the
      following command I first get an E339 prompt and then Vim crashes with a
      segmentation fault:

      $ vim -u NONE --noplugin -NS crash.vim
      Error detected while processing function <SNR>1_VimCrashOnRegexEval:
      line 14:
      E339: Pattern too long
      Vim: Caught deadly signal SEGV
      Vim: Finished.

      I'm also attaching a backtrace from GDB and the output of Valgrind,
      which tell me that Vim crashes because of a NULL pointer dereference at
      regexp.c:4730 in the latest Vim 7.3 source. I've tried reasoning about
      this but regmatch() is far too complex for my comprehension at the
      moment :-)

      - Peter Odding
    • Carlo Teubner
      ... I can reproduce the same crash with a much simpler, valid, very long regex: a |a |a |... $ vim -Ngfu NONE --noplugin -c execute / . repeat( a | , 9000)
      Message 2 of 13 , Sep 11, 2010
        Peter Odding <peter <at> peterodding.com> writes:

        >
        > The regex is a 77 KB monstrosity that's supposed to match a predefined
        > set of strings in 2html.vim output and is complicated by the fact that
        > it also matches strings with embedded HTML tags. The regex is corrupt
        > because of a bug in my plug-in; I forgot to escape special characters
        > like [.

        I can reproduce the same crash with a much simpler, valid, very long regex:
        a\|a\|a\|...

        $ vim -Ngfu NONE --noplugin -c "execute '/' . repeat('a\|', 9000) . 'a'"
        Vim: Caught deadly signal SEGV

        On my system, it crashes with 9000 repetitions but not 8000.

        > I'm also attaching a backtrace from GDB and the output of Valgrind,
        > which tell me that Vim crashes because of a NULL pointer dereference at
        > regexp.c:4730 in the latest Vim 7.3 source. I've tried reasoning about
        > this but regmatch() is far too complex for my comprehension at the
        > moment

        gdb shows the same backtrace as yours:

        (gdb) bt
        #0 0x000000000055a545 in regmatch (scan=0x953cba "\003") at regexp.c:4730
        #1 0x0000000000557dd5 in regtry (prog=0x953ca0, col=0) at regexp.c:3711
        #2 0x0000000000557b9c in vim_regexec_both (line=0xab3f30 "", col=0, tm=0x0) at
        regexp.c:3600
        #3 0x00000000005574c7 in vim_regexec (rmp=0x7fffffffdd00, line=0xab3f30 "",
        col=0) at regexp.c:3347
        #4 0x00000000004b85cd in match_file_pat (pattern=0x0, prog=0x953ca0,
        fname=0xab3f30 "", sfname=0x0, tail=
        0xab3f30 "", allow_dirs=0) at fileio.c:10003
        #5 0x00000000004b7bd2 in auto_next_pat (apc=0x7fffffffde50, stop_at_last=0) at
        fileio.c:9525
        #6 0x00000000004b77d8 in apply_autocmds_group (event=EVENT_VIMENTER,
        fname=0xab3f30 "", fname_io=0x0, force=0,
        group=-3, buf=0x88c150, eap=0x0) at fileio.c:9358
        #7 0x00000000004b7108 in apply_autocmds (event=EVENT_VIMENTER, fname=0x0,
        fname_io=0x0, force=0, buf=0x88c150)
        at fileio.c:8994
        #8 0x00000000004d3973 in main (argc=6, argv=0x7fffffffe1e8) at main.c:903


        Carlo



        --
        You received this message from the "vim_dev" maillist.
        Do not top-post! Type your reply below the text you are replying to.
        For more information, visit http://www.vim.org/maillist.php
      • Carlo
        ... I can reproduce this crash with a much simpler, valid, regex: $ vim -Ngfu NONE --noplugin -c execute / . repeat( a | , 9000) . a Vim: Caught deadly
        Message 3 of 13 , Sep 11, 2010
          On Sep 5, 3:33 am, Peter Odding <pe...@...> wrote:

          > The regex is a 77 KB monstrosity that's supposed to match a predefined
          > set of strings in 2html.vim output and is complicated by the fact that
          > it also matches strings with embedded HTML tags. The regex is corrupt
          > because of a bug in my plug-in; I forgot to escape special characters
          > like [.

          I can reproduce this crash with a much simpler, valid, regex:

          $ vim -Ngfu NONE --noplugin -c "execute '/' . repeat('a\|', 9000) .
          'a'"
          Vim: Caught deadly signal SEGV

          On my machine, it crashes with 9000 but not with 8000 repetitions.

          > I'm also attaching a backtrace from GDB and the output of Valgrind,
          > which tell me that Vim crashes because of a NULL pointer dereference at
          > regexp.c:4730 in the latest Vim 7.3 source. I've tried reasoning about
          > this but regmatch() is far too complex for my comprehension at the
          > moment :-)

          My backtrace is exactly the same:

          (gdb) bt
          #0 0x000000000055a545 in regmatch (scan=0x953cba "\003") at regexp.c:
          4730
          #1 0x0000000000557dd5 in regtry (prog=0x953ca0, col=0) at regexp.c:
          3711
          #2 0x0000000000557b9c in vim_regexec_both (line=0xabe7c0 "", col=0,
          tm=0x0) at regexp.c:3600
          #3 0x00000000005574c7 in vim_regexec (rmp=0x7fffffffdd00,
          line=0xabe7c0 "", col=0) at regexp.c:3347
          #4 0x00000000004b85cd in match_file_pat (pattern=0x0, prog=0x953ca0,
          fname=0xabe7c0 "", sfname=0x0, tail=
          0xabe7c0 "", allow_dirs=0) at fileio.c:10003
          #5 0x00000000004b7bd2 in auto_next_pat (apc=0x7fffffffde50,
          stop_at_last=0) at fileio.c:9525
          #6 0x00000000004b77d8 in apply_autocmds_group (event=EVENT_VIMENTER,
          fname=0xabe7c0 "", fname_io=0x0, force=0,
          group=-3, buf=0x88c150, eap=0x0) at fileio.c:9358
          #7 0x00000000004b7108 in apply_autocmds (event=EVENT_VIMENTER,
          fname=0x0, fname_io=0x0, force=0, buf=0x88c150)
          at fileio.c:8994
          #8 0x00000000004d3973 in main (argc=6, argv=0x7fffffffe1e8) at main.c:
          903

          Carlo

          (I attempted to post this message earlier but it somehow didn't make
          it through)

          >
          >   - Peter Odding
          >
          > [crash.vim5K ]function! s:VimCrashOnRegexEval(tags)
          >   let patterns = []
          >   let short = s:IgnoreHTML('s') . s:IgnoreHTML(':')
          >   let long = s:IgnoreHTML('<') . s:IgnoreHTML('[Ss][Ii][Dd]') . s:IgnoreHTML('>')
          >   let prefix = '\%(' . short . '\|' . long . '\)'
          >   for name in a:tags
          >     let tokens = [prefix]
          >     for token in split(name, '\W\@=\|\W\@<=')
          >       " The bug in my original code was that I didn't escape special pattern characters in
          >       " {token} before adding it to {tokens}, but that doesn't mean Vim should crash :-(
          >       call add(tokens, s:IgnoreHTML(token))
          >     endfor
          >     call add(patterns, join(tokens, ''))
          >   endfor
          >   execute '/' . escape(join(patterns, '\|'), '~/')
          > endfunction
          >
          > function! s:IgnoreHTML(s)
          >   return printf('\%%(<[^/][^>]*>%s</[^>]\+>\|%s\)', a:s, a:s)
          > endfunction
          >
          > call s:VimCrashOnRegexEval(['s:msg', 'g:loaded_publish', 'foreach_window', 's:ei_save',
          >  \ 's:loaded_scripts', 'tex_fold_enabled', 'g:timer_verbosity', '<Tab>', 'reload_colors',
          >  \ 'b:luainspect_syntax_error', 'g:easytags_resolve_links', 's:hif_save', 'unresolve_scriptname',
          >  \ 'g:easytags_always_enabled', '<Home>', 'session#get_names', 's:directory', 'session#save_cmd',
          >  \ 's:stal_save', 'session#auto_dirty_check', 'persist_special_windows', '<C-Down>',
          >  \ 'b:luainspect_input', 'ignore_html', 's:ctags_filetypes', 'session#close_cmd', 's:object_methods',
          >  \ 'xolox#timer#stop', 'easytags#highlight', 'g:session_autoload', 'g:publish_omit_dothtml',
          >  \ 'save_plugin_window', 'netrw_hide', 'prep_cmdline', 's:cached_contents', 'g:lua_inspect_internal',
          >  \ 'java_allow_cpp_keywords', 'open_at_cursor', 'luainspect#make_request', 'library_call',
          >  \ 'xolox#debug', 'publish#run_rsync', 'easytags#get_tagsfile', 's:script', 'session#auto_load',
          >  \ 'g:reload_on_write', 'easytags#read_tagsfile', 'publish#html_encode', '<Left>', 's:tagged_files',
          >  \ 'easytags#update', 'xolox#path#absolute', 'easytags#map_filetypes', 'rename_variable',
          >  \ 'publish#rsync_check', 'tex_flavor', '<Right>', 's:lock_files', 's:library_version', '<F11>',
          >  \ 'g:html_ignore_folding', 's:has_reltime', 'g:html_number_lines', 'g:easytags_on_cursorhold',
          >  \ 'save_qflist', 'g:easytags_autorecurse', 'find_tagged_files', 's:changed_path', 's:enoimpl',
          >  \ 'escape_tags', 'g:loaded_session', 'xolox#timer#start', 'get_name', 'g:easytags_ignored_filetypes',
          >  \ 'xolox#shell#open_cmd', 'xolox#quote_pattern', 'xolox#shell#execute', 'convert_value',
          >  \ 'xolox#unique', 'session#path_to_name', '<Esc>[A', 'session#open_cmd', 'python_highlight_all',
          >  \ '<A-Right>', 's:files_to_publish', 'define_default_styles', 's:supported_filetypes',
          >  \ 'xolox#option#join', 's:loclist_to_window', 'session#delete_cmd', '<Esc>[23~', 'session#save_state',
          >  \ '<Del>', 'vimsyn_noerror', 'publish#find_tags', 'reload_indent', 'xolox#shell#open_with',
          >  \ 's:cached_filenames', 'xolox#reload#script', 'g:easytags_ctags_version', 'g:html_use_css',
          >  \ 'clear_previous_matches', 'is_windows', 'session#save_colors', 'select_name',
          >  \ 's:reload_script_active', 'session_is_locked', 'session#auto_unlock', 'set_tagged_files',
          >  \ 'publish#create_subst_cmd', 'jump_to_window', 's:smd_save', 'g:xolox_message_buffer',
          >  \ 'xolox#option#split_tags', 'g:easytags_cmd', 'xolox#path#equals', '<C-Up>', 'xolox#path#join',
          >  \ 'xolox#warning', 's:hnl_save', 's:mls_save', 's:reloading_buffers', 's:aliases',
          >  \ 'xolox#shell#fullscreen', 's:vim_filetypes', 'b:luainspect_warnings', 'cache_tagged_files',
          >  \ 'easytags#autoload', 's:fullscreen_enabled', 'session#save_session', '<A-Left>', 'xolox#message',
          >  \ 's:units', 'session#restart_cmd', 'g:timer_enabled', 's:contact', 'easytags#define_tagkind',
          >  \ 'xolox#path#decode', '***', 'handle_error', 'reload_ftplugin', 'g:lua_inspect_warnings',
          >  \ 's:session_is_dirty', 'xolox#shell#open_url', 'parse_scriptnames', 'session#save_features',
          >  \ 'check_output', 'session#complete_names', '<C-S-PageUp>', 'xolox#path#relative', '<F3>',
          >  \ 'b:easytags_last_highlighted', 'reload_message', 'update_warnings', 's:canonical_aliases',
          >  \ 'reload_plugin', 's:go_toggled', 'publish#customize_html', 'g:shell_open_cmds', 'check_cfile',
          >  \ 'run_ctags', '<C-S-PageDown>', 'g:loaded_luainspect', 'xolox#timer#format_timespan',
          >  \ 'luainspect#highlight_cmd', 'xolox#reload#open_readonly', 'easytags#to_ctags_ft', 'pattern_to_lnum',
          >  \ 'unlock_session', 'c_syntax_for_h', 'g:shell_fullscreen_items', 's:current_source_directory',
          >  \ 'publish#create_dirs', 'reload_autoload', 'prepare_search_path', 's:viml_sl_prefix', 's:ruler_save',
          >  \ 'is_bash', 'xolox#reload#windows', 'g:loaded_pyref', 's:cpo_save', 'has_dll', 'xolox#path#tempdir',
          >  \ 'g:lua_inspect_events', 's:auto_reload_active', 'xolox#option#join_tags', 'highlight_variables',
          >  \ 'xolox#escape#pattern', 'easytags#file_has_tags', 'check_filetype', 's:scripttypes',
          >  \ 'script_sourced', 'b:luainspect_disabled', 'luainspect#auto_enable', '<c-]>', '<F5>',
          >  \ 'session#view_cmd', 'xolox#path#commonprefix', 'g:easytags_include_members', 'g:session_autosave',
          >  \ 'lock_session', 's:more_save', 's:huc_save', 'easytags#alias_filetypes', 'g:pyref_browser',
          >  \ 'g:publish_viml_sl_hack', 's:tempdir_counter', 'easytags#supported_filetypes',
          >  \ 'easytags#add_tagged_file', 'unescape_tags', 'filter_merge_tags', 'b:luainspect_output',
          >  \ 'g:xolox_messages', 'xolox#shell#highlight_urls', 'session#auto_save', 'find_dll_version',
          >  \ 's:window_to_info', 'b:easytags_nohl', 'easytags#write_tagsfile', 'g:loaded_easytags',
          >  \ 'reload_buffers', '<F6>', 'reload_syntax', 'xolox#shell#is_fullscreen', 'publish#prep_env',
          >  \ 's:groups', '<BS>', 'highlight_position', 's:tagkinds', 's:cached_layouts', 's:saved_qflist',
          >  \ 'session#name_to_path', 'balloon_syntax', 'parse_text', 'xolox#path#merge', 'g:pyref_mapping',
          >  \ 'publish#resolve_files', 'session#save_fullscreen', 'g:shell_mappings_enabled', 'xolox#path#encode',
          >  \ 'reload_window', 'clear_message', 'xolox#escape#substitute', 'easytags#to_vim_ft',
          >  \ 'xolox#option#split', 's:tags_to_publish', '...', 's:windows_compatible', 'g:publish_plaintext',
          >  \ 'foreach_tabpage', 'xolox#shell#build_cmd', 'session#save_qflist', 'xolox#path#split'])
          >
          > [gdb.txt1K ]peter@laptop> gdb --args /usr/local/bin/gvim -fu NONE --noplugin -NS crash.vim
          > GNU gdb (GDB) 7.0-ubuntu
          > Copyright (C) 2009 Free Software Foundation, Inc.
          > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
          > This is free software: you are free to change and redistribute it.
          > There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
          > and "show warranty" for details.
          > This GDB was configured as "x86_64-linux-gnu".
          > For bug reporting instructions, please see:
          > <http://www.gnu.org/software/gdb/bugs/>...
          > Reading symbols from /usr/local/bin/gvim...done.
          > (gdb) r
          > Starting program: /usr/local/bin/gvim -fu NONE --noplugin -NS crash.vim
          > [Thread debugging using libthread_db enabled]
          >
          > (gvim:4029): GLib-WARNING **: g_set_prgname() called multiple times
          >
          > Program received signal SIGSEGV, Segmentation fault.
          > 0x0000000000564107 in regmatch (scan=0x97743a "\003") at regexp.c:4730
          > 4730                    if (OP(next) != BRANCH) /* No choice. */
          > (gdb) where
          > #0  0x0000000000564107 in regmatch (scan=0x97743a "\003") at regexp.c:4730
          > #1  0x0000000000561c50 in regtry (prog=0x977420, col=0) at regexp.c:3711
          > #2  0x0000000000561a17 in vim_regexec_both (line=0xb93d50 "", col=0, tm=0x0) at regexp.c:3600
          > #3  0x0000000000561342 in vim_regexec (rmp=0x7fffffffdf30, line=0xb93d50 "", col=0) at regexp.c:3347
          > #4  0x00000000004c0d5d in match_file_pat (pattern=0x0, prog=0x977420, fname=0xb93d50 "", sfname=0x0, tail=0xb93d50 "", allow_dirs=0) at fileio.c:10003
          > #5  0x00000000004c035e in auto_next_pat (apc=0x7fffffffe080, stop_at_last=0) at fileio.c:9525
          > #6  0x00000000004bff4a in apply_autocmds_group (event=EVENT_VIMENTER, fname=0xb93d50 "", fname_io=0x0, force=0, group=-3, buf=0x8a1990, eap=0x0) at fileio.c:9358
          > #7  0x00000000004bf860 in apply_autocmds (event=EVENT_VIMENTER, fname=0x0, fname_io=0x0, force=0, buf=0x8a1990) at fileio.c:8994
          > #8  0x00000000004dc1dc in main (argc=6, argv=0x7fffffffe438) at main.c:903
          >
          >  valgrind.log
          > 3KViewDownload

          --
          You received this message from the "vim_dev" maillist.
          Do not top-post! Type your reply below the text you are replying to.
          For more information, visit http://www.vim.org/maillist.php
        • ZyX
          Ответ на сообщение «Re: 2html.vim causes Vim to crash with a SIGSEGV?!», присланное в 20:09:39 11 сентября 2010,
          Message 4 of 13 , Sep 11, 2010
            Ответ на сообщение «Re: 2html.vim causes Vim to crash with a SIGSEGV?!»,
            присланное в 20:09:39 11 сентября 2010, Суббота,
            отправитель Carlo:

            Confirmed, but before crashing it prints
            Error detected while processing command line:
            E339: Pattern too long
            Command:
            LANG=C vim -u NONE -c 'execute ''/''.repeat(''a\|'', 9000)'
            (removed unneeded options). In the help file it is mentioned that
            this error may occur only on systems with 16 bit ints:
            This only happens on systems with 16 bit ints: The compiled regexp pattern is
            longer than about 65000 characters. Try using a shorter pattern.
            (message.txt, line 484)
            And vim obviously should not crash.

            Текст сообщения:
            > On Sep 5, 3:33 am, Peter Odding <pe...@...> wrote:
            > > The regex is a 77 KB monstrosity that's supposed to match a predefined
            > > set of strings in 2html.vim output and is complicated by the fact that
            > > it also matches strings with embedded HTML tags. The regex is corrupt
            > > because of a bug in my plug-in; I forgot to escape special characters
            > > like [.
            >
            > I can reproduce this crash with a much simpler, valid, regex:
            >
            > $ vim -Ngfu NONE --noplugin -c "execute '/' . repeat('a\|', 9000) .
            > 'a'"
            > Vim: Caught deadly signal SEGV
            >
            > On my machine, it crashes with 9000 but not with 8000 repetitions.
            >
            > > I'm also attaching a backtrace from GDB and the output of Valgrind,
            > > which tell me that Vim crashes because of a NULL pointer dereference at
            > > regexp.c:4730 in the latest Vim 7.3 source. I've tried reasoning about
            > > this but regmatch() is far too complex for my comprehension at the
            > > moment :-)
            >
            > My backtrace is exactly the same:
            >
            > (gdb) bt
            > #0 0x000000000055a545 in regmatch (scan=0x953cba "\003") at regexp.c:
            > 4730
            > #1 0x0000000000557dd5 in regtry (prog=0x953ca0, col=0) at regexp.c:
            > 3711
            > #2 0x0000000000557b9c in vim_regexec_both (line=0xabe7c0 "", col=0,
            > tm=0x0) at regexp.c:3600
            > #3 0x00000000005574c7 in vim_regexec (rmp=0x7fffffffdd00,
            > line=0xabe7c0 "", col=0) at regexp.c:3347
            > #4 0x00000000004b85cd in match_file_pat (pattern=0x0, prog=0x953ca0,
            > fname=0xabe7c0 "", sfname=0x0, tail=
            > 0xabe7c0 "", allow_dirs=0) at fileio.c:10003
            > #5 0x00000000004b7bd2 in auto_next_pat (apc=0x7fffffffde50,
            > stop_at_last=0) at fileio.c:9525
            > #6 0x00000000004b77d8 in apply_autocmds_group (event=EVENT_VIMENTER,
            > fname=0xabe7c0 "", fname_io=0x0, force=0,
            > group=-3, buf=0x88c150, eap=0x0) at fileio.c:9358
            > #7 0x00000000004b7108 in apply_autocmds (event=EVENT_VIMENTER,
            > fname=0x0, fname_io=0x0, force=0, buf=0x88c150)
            > at fileio.c:8994
            > #8 0x00000000004d3973 in main (argc=6, argv=0x7fffffffe1e8) at main.c:
            > 903
            >
            > Carlo
            >
            > (I attempted to post this message earlier but it somehow didn't make
            > it through)
            >
            > > - Peter Odding
            > >
            > > [crash.vim5K ]function! s:VimCrashOnRegexEval(tags)
            > > let patterns = []
            > > let short = s:IgnoreHTML('s') . s:IgnoreHTML(':')
            > > let long = s:IgnoreHTML('<') . s:IgnoreHTML('[Ss][Ii][Dd]') .
            > > s:IgnoreHTML('>') let prefix = '\%(' . short . '\|' . long . '\)'
            > > for name in a:tags
            > > let tokens = [prefix]
            > > for token in split(name, '\W\@=\|\W\@<=')
            > > " The bug in my original code was that I didn't escape special
            > > pattern characters in " {token} before adding it to {tokens}, but that
            > > doesn't mean Vim should crash :-( call add(tokens, s:IgnoreHTML(token))
            > > endfor
            > > call add(patterns, join(tokens, ''))
            > > endfor
            > > execute '/' . escape(join(patterns, '\|'), '~/')
            > > endfunction
            > >
            > > function! s:IgnoreHTML(s)
            > > return printf('\%%(<[^/][^>]*>%s</[^>]\+>\|%s\)', a:s, a:s)
            > > endfunction
            > >
            > > call s:VimCrashOnRegexEval(['s:msg', 'g:loaded_publish',
            > > 'foreach_window', 's:ei_save', \ 's:loaded_scripts', 'tex_fold_enabled',
            > > 'g:timer_verbosity', '<Tab>', 'reload_colors', \
            > > 'b:luainspect_syntax_error', 'g:easytags_resolve_links', 's:hif_save',
            > > 'unresolve_scriptname', \ 'g:easytags_always_enabled', '<Home>',
            > > 'session#get_names', 's:directory', 'session#save_cmd', \ 's:stal_save',
            > > 'session#auto_dirty_check', 'persist_special_windows', '<C-Down>', \
            > > 'b:luainspect_input', 'ignore_html', 's:ctags_filetypes',
            > > 'session#close_cmd', 's:object_methods', \ 'xolox#timer#stop',
            > > 'easytags#highlight', 'g:session_autoload', 'g:publish_omit_dothtml', \
            > > 'save_plugin_window', 'netrw_hide', 'prep_cmdline', 's:cached_contents',
            > > 'g:lua_inspect_internal', \ 'java_allow_cpp_keywords', 'open_at_cursor',
            > > 'luainspect#make_request', 'library_call', \ 'xolox#debug',
            > > 'publish#run_rsync', 'easytags#get_tagsfile', 's:script',
            > > 'session#auto_load', \ 'g:reload_on_write', 'easytags#read_tagsfile',
            > > 'publish#html_encode', '<Left>', 's:tagged_files', \ 'easytags#update',
            > > 'xolox#path#absolute', 'easytags#map_filetypes', 'rename_variable', \
            > > 'publish#rsync_check', 'tex_flavor', '<Right>', 's:lock_files',
            > > 's:library_version', '<F11>', \ 'g:html_ignore_folding',
            > > 's:has_reltime', 'g:html_number_lines', 'g:easytags_on_cursorhold', \
            > > 'save_qflist', 'g:easytags_autorecurse', 'find_tagged_files',
            > > 's:changed_path', 's:enoimpl', \ 'escape_tags', 'g:loaded_session',
            > > 'xolox#timer#start', 'get_name', 'g:easytags_ignored_filetypes', \
            > > 'xolox#shell#open_cmd', 'xolox#quote_pattern', 'xolox#shell#execute',
            > > 'convert_value', \ 'xolox#unique', 'session#path_to_name', '<Esc>[A',
            > > 'session#open_cmd', 'python_highlight_all', \ '<A-Right>',
            > > 's:files_to_publish', 'define_default_styles', 's:supported_filetypes',
            > > \ 'xolox#option#join', 's:loclist_to_window', 'session#delete_cmd',
            > > '<Esc>[23~', 'session#save_state', \ '<Del>', 'vimsyn_noerror',
            > > 'publish#find_tags', 'reload_indent', 'xolox#shell#open_with', \
            > > 's:cached_filenames', 'xolox#reload#script', 'g:easytags_ctags_version',
            > > 'g:html_use_css', \ 'clear_previous_matches', 'is_windows',
            > > 'session#save_colors', 'select_name', \ 's:reload_script_active',
            > > 'session_is_locked', 'session#auto_unlock', 'set_tagged_files', \
            > > 'publish#create_subst_cmd', 'jump_to_window', 's:smd_save',
            > > 'g:xolox_message_buffer', \ 'xolox#option#split_tags', 'g:easytags_cmd',
            > > 'xolox#path#equals', '<C-Up>', 'xolox#path#join', \ 'xolox#warning',
            > > 's:hnl_save', 's:mls_save', 's:reloading_buffers', 's:aliases', \
            > > 'xolox#shell#fullscreen', 's:vim_filetypes', 'b:luainspect_warnings',
            > > 'cache_tagged_files', \ 'easytags#autoload', 's:fullscreen_enabled',
            > > 'session#save_session', '<A-Left>', 'xolox#message', \ 's:units',
            > > 'session#restart_cmd', 'g:timer_enabled', 's:contact',
            > > 'easytags#define_tagkind', \ 'xolox#path#decode', '***', 'handle_error',
            > > 'reload_ftplugin', 'g:lua_inspect_warnings', \ 's:session_is_dirty',
            > > 'xolox#shell#open_url', 'parse_scriptnames', 'session#save_features', \
            > > 'check_output', 'session#complete_names', '<C-S-PageUp>',
            > > 'xolox#path#relative', '<F3>', \ 'b:easytags_last_highlighted',
            > > 'reload_message', 'update_warnings', 's:canonical_aliases', \
            > > 'reload_plugin', 's:go_toggled', 'publish#customize_html',
            > > 'g:shell_open_cmds', 'check_cfile', \ 'run_ctags', '<C-S-PageDown>',
            > > 'g:loaded_luainspect', 'xolox#timer#format_timespan', \
            > > 'luainspect#highlight_cmd', 'xolox#reload#open_readonly',
            > > 'easytags#to_ctags_ft', 'pattern_to_lnum', \ 'unlock_session',
            > > 'c_syntax_for_h', 'g:shell_fullscreen_items',
            > > 's:current_source_directory', \ 'publish#create_dirs',
            > > 'reload_autoload', 'prepare_search_path', 's:viml_sl_prefix',
            > > 's:ruler_save', \ 'is_bash', 'xolox#reload#windows', 'g:loaded_pyref',
            > > 's:cpo_save', 'has_dll', 'xolox#path#tempdir', \ 'g:lua_inspect_events',
            > > 's:auto_reload_active', 'xolox#option#join_tags', 'highlight_variables',
            > > \ 'xolox#escape#pattern', 'easytags#file_has_tags', 'check_filetype',
            > > 's:scripttypes', \ 'script_sourced', 'b:luainspect_disabled',
            > > 'luainspect#auto_enable', '<c-]>', '<F5>', \ 'session#view_cmd',
            > > 'xolox#path#commonprefix', 'g:easytags_include_members',
            > > 'g:session_autosave', \ 'lock_session', 's:more_save', 's:huc_save',
            > > 'easytags#alias_filetypes', 'g:pyref_browser', \
            > > 'g:publish_viml_sl_hack', 's:tempdir_counter',
            > > 'easytags#supported_filetypes', \ 'easytags#add_tagged_file',
            > > 'unescape_tags', 'filter_merge_tags', 'b:luainspect_output', \
            > > 'g:xolox_messages', 'xolox#shell#highlight_urls', 'session#auto_save',
            > > 'find_dll_version', \ 's:window_to_info', 'b:easytags_nohl',
            > > 'easytags#write_tagsfile', 'g:loaded_easytags', \ 'reload_buffers',
            > > '<F6>', 'reload_syntax', 'xolox#shell#is_fullscreen',
            > > 'publish#prep_env', \ 's:groups', '<BS>', 'highlight_position',
            > > 's:tagkinds', 's:cached_layouts', 's:saved_qflist', \
            > > 'session#name_to_path', 'balloon_syntax', 'parse_text',
            > > 'xolox#path#merge', 'g:pyref_mapping', \ 'publish#resolve_files',
            > > 'session#save_fullscreen', 'g:shell_mappings_enabled',
            > > 'xolox#path#encode', \ 'reload_window', 'clear_message',
            > > 'xolox#escape#substitute', 'easytags#to_vim_ft', \ 'xolox#option#split',
            > > 's:tags_to_publish', '...', 's:windows_compatible',
            > > 'g:publish_plaintext', \ 'foreach_tabpage', 'xolox#shell#build_cmd',
            > > 'session#save_qflist', 'xolox#path#split'])
            > >
            > > [gdb.txt1K ]peter@laptop> gdb --args /usr/local/bin/gvim -fu NONE
            > > --noplugin -NS crash.vim GNU gdb (GDB) 7.0-ubuntu
            > > Copyright (C) 2009 Free Software Foundation, Inc.
            > > License GPLv3+: GNU GPL version 3 or later
            > > <http://gnu.org/licenses/gpl.html> This is free software: you are free
            > > to change and redistribute it. There is NO WARRANTY, to the extent
            > > permitted by law. Type "show copying" and "show warranty" for details.
            > > This GDB was configured as "x86_64-linux-gnu".
            > > For bug reporting instructions, please see:
            > > <http://www.gnu.org/software/gdb/bugs/>...
            > > Reading symbols from /usr/local/bin/gvim...done.
            > > (gdb) r
            > > Starting program: /usr/local/bin/gvim -fu NONE --noplugin -NS crash.vim
            > > [Thread debugging using libthread_db enabled]
            > >
            > > (gvim:4029): GLib-WARNING **: g_set_prgname() called multiple times
            > >
            > > Program received signal SIGSEGV, Segmentation fault.
            > > 0x0000000000564107 in regmatch (scan=0x97743a "\003") at regexp.c:4730
            > > 4730 if (OP(next) != BRANCH) /* No choice. */
            > > (gdb) where
            > > #0 0x0000000000564107 in regmatch (scan=0x97743a "\003") at
            > > regexp.c:4730 #1 0x0000000000561c50 in regtry (prog=0x977420, col=0) at
            > > regexp.c:3711 #2 0x0000000000561a17 in vim_regexec_both (line=0xb93d50
            > > "", col=0, tm=0x0) at regexp.c:3600 #3 0x0000000000561342 in
            > > vim_regexec (rmp=0x7fffffffdf30, line=0xb93d50 "", col=0) at
            > > regexp.c:3347 #4 0x00000000004c0d5d in match_file_pat (pattern=0x0,
            > > prog=0x977420, fname=0xb93d50 "", sfname=0x0, tail=0xb93d50 "",
            > > allow_dirs=0) at fileio.c:10003 #5 0x00000000004c035e in auto_next_pat
            > > (apc=0x7fffffffe080, stop_at_last=0) at fileio.c:9525 #6
            > > 0x00000000004bff4a in apply_autocmds_group (event=EVENT_VIMENTER,
            > > fname=0xb93d50 "", fname_io=0x0, force=0, group=-3, buf=0x8a1990,
            > > eap=0x0) at fileio.c:9358 #7 0x00000000004bf860 in apply_autocmds
            > > (event=EVENT_VIMENTER, fname=0x0, fname_io=0x0, force=0, buf=0x8a1990)
            > > at fileio.c:8994 #8 0x00000000004dc1dc in main (argc=6,
            > > argv=0x7fffffffe438) at main.c:903
            > >
            > > valgrind.log
            > > 3KViewDownload
          • Carlo
            I believe I ve got a patch for this (see below). First, if you look at the stacktrace in some detail in gdb, you ll see that this error occurs while matching
            Message 5 of 13 , Sep 11, 2010
              I believe I've got a patch for this (see below).

              First, if you look at the stacktrace in some detail in gdb, you'll see
              that this error occurs while matching regexp ".*" against the current
              filename ("" in this case) during autocmd execution. The crash occurs
              because in line 4730, 'next' is null. In line 3888, 'next' is the
              result of calling regnext(). regnext() returns NULL because global
              variable reg_toolong is TRUE. But of course the pattern ".*" is not
              too long - instead, this is left over from the evaluation of the
              previous very long regexp ("a\|a\|a...").

              This confusion occurs because regnext() is used both in compilation
              and evaluation of regexes. Its behaviour of returning NULL if
              reg_toolong is TRUE really only makes sense during compilation. The
              easiest way to fix it is to just set reg_toolong to FALSE before
              starting regexp evaluation, as in my patch. (It can only ever be set
              to TRUE during the compilation phase.)

              Carlo


              diff --git a/src/regexp.c b/src/regexp.c
              --- a/src/regexp.c
              +++ b/src/regexp.c
              @@ -3339,6 +3339,7 @@ vim_regexec(rmp, line, col)
              reg_maxline = 0;
              reg_line_lbr = FALSE;
              reg_win = NULL;
              + reg_toolong = FALSE;
              ireg_ic = rmp->rm_ic;
              #ifdef FEAT_MBYTE
              ireg_icombine = FALSE;
              @@ -3363,6 +3364,7 @@ vim_regexec_nl(rmp, line, col)
              reg_maxline = 0;
              reg_line_lbr = TRUE;
              reg_win = NULL;
              + reg_toolong = FALSE;
              ireg_ic = rmp->rm_ic;
              #ifdef FEAT_MBYTE
              ireg_icombine = FALSE;
              @@ -3399,6 +3401,7 @@ vim_regexec_multi(rmp, win, buf, lnum, c
              reg_firstlnum = lnum;
              reg_maxline = reg_buf->b_ml.ml_line_count - lnum;
              reg_line_lbr = FALSE;
              + reg_toolong = FALSE;
              ireg_ic = rmp->rmm_ic;
              #ifdef FEAT_MBYTE
              ireg_icombine = FALSE;

              On 11 Sep, 17:09, Carlo <carlo.teub...@...> wrote:
              > On Sep 5, 3:33 am, Peter Odding <pe...@...> wrote:
              >
              > > The regex is a 77 KB monstrosity that's supposed to match a predefined
              > > set of strings in 2html.vim output and is complicated by the fact that
              > > it also matches strings with embedded HTML tags. The regex is corrupt
              > > because of a bug in my plug-in; I forgot to escape special characters
              > > like [.
              >
              > I can reproduce this crash with a much simpler, valid, regex:
              >
              > $ vim -Ngfu NONE --noplugin -c "execute '/' . repeat('a\|', 9000) .
              > 'a'"
              > Vim: Caught deadly signal SEGV
              >
              > On my machine, it crashes with 9000 but not with 8000 repetitions.
              >
              > > I'm also attaching a backtrace from GDB and the output of Valgrind,
              > > which tell me that Vim crashes because of a NULL pointer dereference at
              > > regexp.c:4730 in the latest Vim 7.3 source. I've tried reasoning about
              > > this but regmatch() is far too complex for my comprehension at the
              > > moment :-)
              >
              > My backtrace is exactly the same:
              >
              > (gdb) bt
              > #0  0x000000000055a545 in regmatch (scan=0x953cba "\003") at regexp.c:
              > 4730
              > #1  0x0000000000557dd5 in regtry (prog=0x953ca0, col=0) at regexp.c:
              > 3711
              > #2  0x0000000000557b9c in vim_regexec_both (line=0xabe7c0 "", col=0,
              > tm=0x0) at regexp.c:3600
              > #3  0x00000000005574c7 in vim_regexec (rmp=0x7fffffffdd00,
              > line=0xabe7c0 "", col=0) at regexp.c:3347
              > #4  0x00000000004b85cd in match_file_pat (pattern=0x0, prog=0x953ca0,
              > fname=0xabe7c0 "", sfname=0x0, tail=
              >     0xabe7c0 "", allow_dirs=0) at fileio.c:10003
              > #5  0x00000000004b7bd2 in auto_next_pat (apc=0x7fffffffde50,
              > stop_at_last=0) at fileio.c:9525
              > #6  0x00000000004b77d8 in apply_autocmds_group (event=EVENT_VIMENTER,
              > fname=0xabe7c0 "", fname_io=0x0, force=0,
              >     group=-3, buf=0x88c150, eap=0x0) at fileio.c:9358
              > #7  0x00000000004b7108 in apply_autocmds (event=EVENT_VIMENTER,
              > fname=0x0, fname_io=0x0, force=0, buf=0x88c150)
              >     at fileio.c:8994
              > #8  0x00000000004d3973 in main (argc=6, argv=0x7fffffffe1e8) at main.c:
              > 903
              >
              > Carlo
              >
              > (I attempted to post this message earlier but it somehow didn't make
              > it through)
              >
              >
              >
              > >   - Peter Odding
              >
              > > [crash.vim5K ]function! s:VimCrashOnRegexEval(tags)
              > >   let patterns = []
              > >   let short = s:IgnoreHTML('s') . s:IgnoreHTML(':')
              > >   let long = s:IgnoreHTML('<') . s:IgnoreHTML('[Ss][Ii][Dd]') . s:IgnoreHTML('>')
              > >   let prefix = '\%(' . short . '\|' . long . '\)'
              > >   for name in a:tags
              > >     let tokens = [prefix]
              > >     for token in split(name, '\W\@=\|\W\@<=')
              > >       " The bug in my original code was that I didn't escape special pattern characters in
              > >       " {token} before adding it to {tokens}, but that doesn't mean Vim should crash :-(
              > >       call add(tokens, s:IgnoreHTML(token))
              > >     endfor
              > >     call add(patterns, join(tokens, ''))
              > >   endfor
              > >   execute '/' . escape(join(patterns, '\|'), '~/')
              > > endfunction
              >
              > > function! s:IgnoreHTML(s)
              > >   return printf('\%%(<[^/][^>]*>%s</[^>]\+>\|%s\)', a:s, a:s)
              > > endfunction
              >
              > > call s:VimCrashOnRegexEval(['s:msg', 'g:loaded_publish', 'foreach_window', 's:ei_save',
              > >  \ 's:loaded_scripts', 'tex_fold_enabled', 'g:timer_verbosity', '<Tab>', 'reload_colors',
              > >  \ 'b:luainspect_syntax_error', 'g:easytags_resolve_links', 's:hif_save', 'unresolve_scriptname',
              > >  \ 'g:easytags_always_enabled', '<Home>', 'session#get_names', 's:directory', 'session#save_cmd',
              > >  \ 's:stal_save', 'session#auto_dirty_check', 'persist_special_windows', '<C-Down>',
              > >  \ 'b:luainspect_input', 'ignore_html', 's:ctags_filetypes', 'session#close_cmd', 's:object_methods',
              > >  \ 'xolox#timer#stop', 'easytags#highlight', 'g:session_autoload', 'g:publish_omit_dothtml',
              > >  \ 'save_plugin_window', 'netrw_hide', 'prep_cmdline', 's:cached_contents', 'g:lua_inspect_internal',
              > >  \ 'java_allow_cpp_keywords', 'open_at_cursor', 'luainspect#make_request', 'library_call',
              > >  \ 'xolox#debug', 'publish#run_rsync', 'easytags#get_tagsfile', 's:script', 'session#auto_load',
              > >  \ 'g:reload_on_write', 'easytags#read_tagsfile', 'publish#html_encode', '<Left>', 's:tagged_files',
              > >  \ 'easytags#update', 'xolox#path#absolute', 'easytags#map_filetypes', 'rename_variable',
              > >  \ 'publish#rsync_check', 'tex_flavor', '<Right>', 's:lock_files', 's:library_version', '<F11>',
              > >  \ 'g:html_ignore_folding', 's:has_reltime', 'g:html_number_lines', 'g:easytags_on_cursorhold',
              > >  \ 'save_qflist', 'g:easytags_autorecurse', 'find_tagged_files', 's:changed_path', 's:enoimpl',
              > >  \ 'escape_tags', 'g:loaded_session', 'xolox#timer#start', 'get_name', 'g:easytags_ignored_filetypes',
              > >  \ 'xolox#shell#open_cmd', 'xolox#quote_pattern', 'xolox#shell#execute', 'convert_value',
              > >  \ 'xolox#unique', 'session#path_to_name', '<Esc>[A', 'session#open_cmd', 'python_highlight_all',
              > >  \ '<A-Right>', 's:files_to_publish', 'define_default_styles', 's:supported_filetypes',
              > >  \ 'xolox#option#join', 's:loclist_to_window', 'session#delete_cmd', '<Esc>[23~', 'session#save_state',
              > >  \ '<Del>', 'vimsyn_noerror', 'publish#find_tags', 'reload_indent', 'xolox#shell#open_with',
              > >  \ 's:cached_filenames', 'xolox#reload#script', 'g:easytags_ctags_version', 'g:html_use_css',
              > >  \ 'clear_previous_matches', 'is_windows', 'session#save_colors', 'select_name',
              > >  \ 's:reload_script_active', 'session_is_locked', 'session#auto_unlock', 'set_tagged_files',
              > >  \ 'publish#create_subst_cmd', 'jump_to_window', 's:smd_save', 'g:xolox_message_buffer',
              > >  \ 'xolox#option#split_tags', 'g:easytags_cmd', 'xolox#path#equals', '<C-Up>', 'xolox#path#join',
              > >  \ 'xolox#warning', 's:hnl_save', 's:mls_save', 's:reloading_buffers', 's:aliases',
              > >  \ 'xolox#shell#fullscreen', 's:vim_filetypes', 'b:luainspect_warnings', 'cache_tagged_files',
              > >  \ 'easytags#autoload', 's:fullscreen_enabled', 'session#save_session', '<A-Left>', 'xolox#message',
              > >  \ 's:units', 'session#restart_cmd', 'g:timer_enabled', 's:contact', 'easytags#define_tagkind',
              > >  \ 'xolox#path#decode', '***', 'handle_error', 'reload_ftplugin', 'g:lua_inspect_warnings',
              > >  \ 's:session_is_dirty', 'xolox#shell#open_url', 'parse_scriptnames', 'session#save_features',
              > >  \ 'check_output', 'session#complete_names', '<C-S-PageUp>', 'xolox#path#relative', '<F3>',
              > >  \ 'b:easytags_last_highlighted', 'reload_message', 'update_warnings', 's:canonical_aliases',
              > >  \ 'reload_plugin', 's:go_toggled', 'publish#customize_html', 'g:shell_open_cmds', 'check_cfile',
              > >  \ 'run_ctags', '<C-S-PageDown>', 'g:loaded_luainspect', 'xolox#timer#format_timespan',
              > >  \ 'luainspect#highlight_cmd', 'xolox#reload#open_readonly', 'easytags#to_ctags_ft', 'pattern_to_lnum',
              > >  \ 'unlock_session', 'c_syntax_for_h', 'g:shell_fullscreen_items', 's:current_source_directory',
              > >  \ 'publish#create_dirs', 'reload_autoload', 'prepare_search_path', 's:viml_sl_prefix', 's:ruler_save',
              > >  \ 'is_bash', 'xolox#reload#windows', 'g:loaded_pyref', 's:cpo_save', 'has_dll', 'xolox#path#tempdir',
              > >  \ 'g:lua_inspect_events', 's:auto_reload_active', 'xolox#option#join_tags', 'highlight_variables',
              > >  \ 'xolox#escape#pattern', 'easytags#file_has_tags', 'check_filetype', 's:scripttypes',
              > >  \ 'script_sourced', 'b:luainspect_disabled', 'luainspect#auto_enable', '<c-]>', '<F5>',
              > >  \ 'session#view_cmd', 'xolox#path#commonprefix', 'g:easytags_include_members', 'g:session_autosave',
              > >  \ 'lock_session', 's:more_save', 's:huc_save', 'easytags#alias_filetypes', 'g:pyref_browser',
              > >  \ 'g:publish_viml_sl_hack', 's:tempdir_counter', 'easytags#supported_filetypes',
              > >  \ 'easytags#add_tagged_file', 'unescape_tags', 'filter_merge_tags', 'b:luainspect_output',
              > >  \ 'g:xolox_messages', 'xolox#shell#highlight_urls', 'session#auto_save', 'find_dll_version',
              > >  \ 's:window_to_info', 'b:easytags_nohl', 'easytags#write_tagsfile', 'g:loaded_easytags',
              > >  \ 'reload_buffers', '<F6>', 'reload_syntax', 'xolox#shell#is_fullscreen', 'publish#prep_env',
              > >  \ 's:groups', '<BS>', 'highlight_position', 's:tagkinds', 's:cached_layouts', 's:saved_qflist',
              > >  \ 'session#name_to_path', 'balloon_syntax', 'parse_text', 'xolox#path#merge', 'g:pyref_mapping',
              > >  \ 'publish#resolve_files', 'session#save_fullscreen', 'g:shell_mappings_enabled', 'xolox#path#encode',
              > >  \ 'reload_window', 'clear_message', 'xolox#escape#substitute', 'easytags#to_vim_ft',
              > >  \ 'xolox#option#split', 's:tags_to_publish', '...', 's:windows_compatible', 'g:publish_plaintext',
              > >  \ 'foreach_tabpage', 'xolox#shell#build_cmd', 'session#save_qflist', 'xolox#path#split'])
              >
              > > [gdb.txt1K ]peter@laptop> gdb --args /usr/local/bin/gvim -fu NONE --noplugin -NS crash.vim
              > > GNU gdb (GDB) 7.0-ubuntu
              > > Copyright (C) 2009 Free Software Foundation, Inc.
              > > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
              > > This is free software: you are free to change and redistribute it.
              > > There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
              > > and "show warranty" for details.
              > > This GDB was configured as "x86_64-linux-gnu".
              > > For bug reporting instructions, please see:
              > > <http://www.gnu.org/software/gdb/bugs/>...
              > > Reading symbols from /usr/local/bin/gvim...done.
              > > (gdb) r
              > > Starting program: /usr/local/bin/gvim -fu NONE --noplugin -NS crash.vim
              > > [Thread debugging using libthread_db enabled]
              >
              > > (gvim:4029): GLib-WARNING **: g_set_prgname() called multiple times
              >
              > > Program received signal SIGSEGV, Segmentation fault.
              > > 0x0000000000564107 in regmatch (scan=0x97743a "\003") at regexp.c:4730
              > > 4730                    if (OP(next) != BRANCH) /* No choice. */
              > > (gdb) where
              > > #0  0x0000000000564107 in regmatch (scan=0x97743a "\003") at regexp.c:4730
              > > #1  0x0000000000561c50 in regtry (prog=0x977420, col=0) at regexp.c:3711
              > > #2  0x0000000000561a17 in vim_regexec_both (line=0xb93d50 "", col=0, tm=0x0) at regexp.c:3600
              > > #3  0x0000000000561342 in vim_regexec (rmp=0x7fffffffdf30, line=0xb93d50 "", col=0) at regexp.c:3347
              > > #4  0x00000000004c0d5d in match_file_pat (pattern=0x0,
              >
              > ...
              >
              > read more »

              --
              You received this message from the "vim_dev" maillist.
              Do not top-post! Type your reply below the text you are replying to.
              For more information, visit http://www.vim.org/maillist.php
            • Peter Odding
              Hi Carlo, I can confirm that the much simpler regex you posted also crashes Vim (in the same way) and that your patch fixes the segmentation fault. Thanks for
              Message 6 of 13 , Sep 11, 2010
                Hi Carlo,

                I can confirm that the much simpler regex you posted also crashes Vim
                (in the same way) and that your patch fixes the segmentation fault.
                Thanks for taking the time to look into this and posting your patch!

                Cheers,

                - Peter Odding

                --
                You received this message from the "vim_dev" maillist.
                Do not top-post! Type your reply below the text you are replying to.
                For more information, visit http://www.vim.org/maillist.php
              • Carlo
                ... Just changing the subject for visibility of my patch (same one included again below). Apologies for the spam. Carlo diff --git a/src/regexp.c
                Message 7 of 13 , Sep 12, 2010
                  On 11 Sep, 19:02, Carlo <carlo.teub...@...> wrote:
                  > I believe I've got a patch for this (see below).

                  Just changing the subject for visibility of my patch (same one
                  included again below). Apologies for the spam.

                  Carlo


                  diff --git a/src/regexp.c b/src/regexp.c
                  --- a/src/regexp.c
                  +++ b/src/regexp.c
                  @@ -3339,6 +3339,7 @@ vim_regexec(rmp, line, col)
                  reg_maxline = 0;
                  reg_line_lbr = FALSE;
                  reg_win = NULL;
                  + reg_toolong = FALSE;
                  ireg_ic = rmp->rm_ic;
                  #ifdef FEAT_MBYTE
                  ireg_icombine = FALSE;
                  @@ -3363,6 +3364,7 @@ vim_regexec_nl(rmp, line, col)
                  reg_maxline = 0;
                  reg_line_lbr = TRUE;
                  reg_win = NULL;
                  + reg_toolong = FALSE;
                  ireg_ic = rmp->rm_ic;
                  #ifdef FEAT_MBYTE
                  ireg_icombine = FALSE;
                  @@ -3399,6 +3401,7 @@ vim_regexec_multi(rmp, win, buf, lnum, c
                  reg_firstlnum = lnum;
                  reg_maxline = reg_buf->b_ml.ml_line_count - lnum;
                  reg_line_lbr = FALSE;
                  + reg_toolong = FALSE;
                  ireg_ic = rmp->rmm_ic;
                  #ifdef FEAT_MBYTE
                  ireg_icombine = FALSE;

                  --
                  You received this message from the "vim_dev" maillist.
                  Do not top-post! Type your reply below the text you are replying to.
                  For more information, visit http://www.vim.org/maillist.php
                • Bram Moolenaar
                  ... Thank you very much for pinpointing the problem and making a patch. I think it s a bit simpler to reset reg_toolong further down, then it s needed only
                  Message 8 of 13 , Sep 14, 2010
                    Carlo Teubner wrote:

                    > I believe I've got a patch for this (see below).
                    >
                    > First, if you look at the stacktrace in some detail in gdb, you'll see
                    > that this error occurs while matching regexp ".*" against the current
                    > filename ("" in this case) during autocmd execution. The crash occurs
                    > because in line 4730, 'next' is null. In line 3888, 'next' is the
                    > result of calling regnext(). regnext() returns NULL because global
                    > variable reg_toolong is TRUE. But of course the pattern ".*" is not
                    > too long - instead, this is left over from the evaluation of the
                    > previous very long regexp ("a\|a\|a...").
                    >
                    > This confusion occurs because regnext() is used both in compilation
                    > and evaluation of regexes. Its behaviour of returning NULL if
                    > reg_toolong is TRUE really only makes sense during compilation. The
                    > easiest way to fix it is to just set reg_toolong to FALSE before
                    > starting regexp evaluation, as in my patch. (It can only ever be set
                    > to TRUE during the compilation phase.)

                    Thank you very much for pinpointing the problem and making a patch.

                    I think it's a bit simpler to reset reg_toolong further down, then it's
                    needed only once.

                    --
                    hundred-and-one symptoms of being an internet addict:
                    124. You begin conversations with, "Who is your internet service provider?"

                    /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
                    /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
                    \\\ download, build and distribute -- http://www.A-A-P.org ///
                    \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

                    --
                    You received this message from the "vim_dev" maillist.
                    Do not top-post! Type your reply below the text you are replying to.
                    For more information, visit http://www.vim.org/maillist.php
                  Your message has been successfully submitted and would be delivered to recipients shortly.