
Seg fault upon & command in 7.4.233

  • Gary Johnson
    Message 1 of 3 , May 9, 2014
      I triggered a seg fault when I accidentally hit '&' instead
      of '^' in normal mode. I can easily reproduce it with the attached
      viminfo file (compressed for integrity) and by starting vim as

      vim -N -u NONE -i vimrc

      then typing

      &

      The lines in viminfo that seem to be causing the problem are these:

      # Last Search Pattern:
      ~MSle0~/extern

      # Last Substitute Search Pattern:
      ~MSle0&\<[A-Z][A-Z0-9]\+\>

      # Last Substitute String:
      $

      Here is the backtrace from gdb.

      #0 0x0000003dbfa35c47 in kill () from /lib64/libc.so.6
      #1 0x000000000053f911 in may_core_dump () at os_unix.c:3251
      #2 0x000000000053f8b5 in mch_exit (r=1) at os_unix.c:3217
      #3 0x00000000006118a7 in getout (exitval=1) at main.c:1500
      #4 0x00000000004fcfd0 in preserve_exit () at misc1.c:9166
      #5 0x000000000053d9b1 in deathtrap (sigarg=11) at os_unix.c:1113
      #6 <signal handler called>
      #7 0x0000003dbfb2ecd6 in __strcmp_sse42 () from /lib64/libc.so.6
      #8 0x0000000000481285 in do_sub (eap=0x7fffb2d1b120) at ex_cmds.c:4428
      #9 0x0000000000490167 in do_one_cmd (cmdlinep=0x7fffb2d1b798, sourcing=0, cstack=0x7fffb2d1b2f0, fgetline=0x4a5453 <getexline>, cookie=0x0) at ex_docmd.c:2701
      #10 0x000000000048d7d7 in do_cmdline (cmdline=0x0, fgetline=0x4a5453 <getexline>, cookie=0x0, flags=0) at ex_docmd.c:1126
      #11 0x000000000051a17e in nv_colon (cap=0x7fffb2d1b8c0) at normal.c:5308
      #12 0x0000000000512cc4 in normal_cmd (oap=0x7fffb2d1b990, toplevel=1) at normal.c:1156
      #13 0x0000000000611599 in main_loop (cmdwin=0, noexmode=0) at main.c:1325
      #14 0x0000000000610fe8 in main (argc=6, argv=0x7fffb2d1bca8) at main.c:1025

      The problem is that strcmp() is being called at line 4428 of
      ex_cmds.c,

      if (STRCMP(pat, "\\n") == 0 && STRLEN(pat) == 2

      with a null value of pat. From a little poking around and
      checking the values of eap->cmd, cmd and eap->skip, it appears that
      pat was set to null at line 4415:

      pat = NULL; /* search_regcomp() will use previous pattern */

      That doesn't seem like a good thing to do.

      That's as much debugging as I've had time to do today. Hope it's
      enough for someone to find the root problem. Otherwise, I'll try to
      get back to it next week and try it with a more recent version.

      I'm running the following version of Vim on Fedora 17.

      VIM - Vi IMproved 7.4 (2013 Aug 10, compiled Apr 1 2014 10:56:21)
      Included patches: 1-233
      Compiled by gary@...
      Normal version with GTK2 GUI. Features included (+) or not (-):
      +acl -farsi -mouse_netterm +syntax
      -arabic +file_in_path -mouse_sgr +tag_binary
      +autocmd +find_in_path -mouse_sysmouse +tag_old_static
      +balloon_eval +float -mouse_urxvt -tag_any_white
      +browse +folding +mouse_xterm -tcl
      +builtin_terms -footer +multi_byte +terminfo
      +byte_offset +fork() +multi_lang +termresponse
      +cindent +gettext -mzscheme +textobjects
      +clientserver -hangul_input +netbeans_intg +title
      +clipboard +iconv +path_extra +toolbar
      +cmdline_compl +insert_expand -perl +user_commands
      +cmdline_hist +jumplist +persistent_undo +vertsplit
      +cmdline_info -keymap +postscript +virtualedit
      +comments -langmap +printer +visual
      -conceal +libcall -profile +visualextra
      +cryptv +linebreak +python +viminfo
      +cscope +lispindent -python3 +vreplace
      +cursorbind +listcmds +quickfix +wildignore
      +cursorshape +localmap +reltime +wildmenu
      +dialog_con_gui -lua -rightleft +windows
      +diff +menu -ruby +writebackup
      +digraphs +mksession +scrollbind +X11
      +dnd +modify_fname +signs -xfontset
      -ebcdic +mouse +smartindent +xim
      -emacs_tags +mouseshape -sniff +xsmp_interact
      +eval -mouse_dec +startuptime +xterm_clipboard
      +ex_extra +mouse_gpm +statusline -xterm_save
      +extra_search -mouse_jsbterm -sun_workshop +xpm
      system vimrc file: "$VIM/vimrc"
      user vimrc file: "$HOME/.vimrc"
      2nd user vimrc file: "~/.vim/vimrc"
      user exrc file: "$HOME/.exrc"
      system gvimrc file: "$VIM/gvimrc"
      user gvimrc file: "$HOME/.gvimrc"
      2nd user gvimrc file: "~/.vim/gvimrc"
      system menu file: "$VIMRUNTIME/menu.vim"
      fall-back for $VIM: "/home/gary/src/vim-7.4/share/vim"
      Compilation: gcc -c -I. -Iproto -DHAVE_CONFIG_H -DFEAT_GUI_GTK -pthread -I/usr/include/gtk-2.0 -I/usr/lib64/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng15 -g -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1
      Linking: gcc -L/usr/local/lib -Wl,--as-needed -o vim -lgtk-x11-2.0 -lgdk-x11-2.0 -latk-1.0 -lgio-2.0 -lpangoft2-1.0 -lpangocairo-1.0 -lgdk_pixbuf-2.0 -lcairo -lpango-1.0 -lfreetype -lfontconfig -lgobject-2.0 -lglib-2.0 -lSM -lICE -lXpm -lXt -lX11 -lXdmcp -lSM -lICE -lm -ltinfo -lnsl -lselinux -lacl -lattr -lgpm -ldl -L/usr/lib64/python2.7/config -lpython2.7 -lpthread -ldl -lutil -lm -Xlinker -export-dynamic

      Regards,
      Gary

      --
      --
      You received this message from the "vim_dev" maillist.
      Do not top-post! Type your reply below the text you are replying to.
      For more information, visit http://www.vim.org/maillist.php

      ---
      You received this message because you are subscribed to the Google Groups "vim_dev" group.
      To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
      For more options, visit https://groups.google.com/d/optout.
    • Dominique Pellé
      Message 2 of 3 , May 9, 2014
        Gary Johnson wrote:

        > I triggered a seg fault when I accidentally hit '&' instead
        > of '^' in normal mode. I can easily reproduce it with the attached
        > viminfo file (compressed for integrity) and by starting vim as
        >
        > vim -N -u NONE -i vimrc
        >
        > then typing
        >
        > &

        Hi Gary

        It looks like the bug was already fixed by patch 7.4.245
        (you're using Vim-7.4.233).

        ---
        changeset: 5802:80421d934ebd
        tag: v7-4-245
        user: Bram Moolenaar <bram@...>
        date: Fri Apr 04 19:00:48 2014 +0200
        files: src/ex_cmds.c src/version.c
        description:
        updated for version 7.4.245
        Problem: Crash for "vim -u NONE -N -c '&&'".
        Solution: Check for the pattern to be NULL. (Dominique Pelle)
        ---

        Regards
        Dominique

      • Gary Johnson
        Message 3 of 3 , May 9, 2014
          On 2014-05-09, Dominique Pellé wrote:
          > Gary Johnson wrote:
          >
          > > I triggered a seg fault when I accidentally hit '&' instead
          > > of '^' in normal mode. I can easily reproduce it with the attached
          > > viminfo file (compressed for integrity) and by starting vim as
          > >
          > > vim -N -u NONE -i vimrc
          > >
          > > then typing
          > >
          > > &
          >
          > Hi Gary
          >
          > It looks like the bug was already fixed by patch 7.4.245
          > (you're using Vim-7.4.233).
          >
          > ---
          > changeset: 5802:80421d934ebd
          > tag: v7-4-245
          > user: Bram Moolenaar <bram@...>
          > date: Fri Apr 04 19:00:48 2014 +0200
          > files: src/ex_cmds.c src/version.c
          > description:
          > updated for version 7.4.245
          > Problem: Crash for "vim -u NONE -N -c '&&'".
          > Solution: Check for the pattern to be NULL. (Dominique Pelle)
          > ---

          Thanks. I just pulled the latest and see that that pointer is now
          checked for NULL before calling strcmp().

          Regards,
          Gary
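
Added example, not part of the original thread and not Vim's source: a simplified C model of the failure reported above, where a NULL pattern is a legal "reuse the previous pattern" sentinel that reaches strcmp(), next to the NULL check named in the 7.4.245 description. All function and enum names are hypothetical, and the inputs in main() are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the step the backtrace points at.
 * pat == NULL is a legal sentinel meaning "reuse the previous pattern". */
enum sub_action { SUB_NEWLINE_PATTERN, SUB_USE_GIVEN, SUB_USE_PREVIOUS, SUB_ERR_NO_PATTERN };

/* Unguarded check, the shape quoted in the report: strcmp() dereferences
 * pat, so passing the NULL sentinel is undefined behaviour (the SIGSEGV
 * in frame #7 of the trace). Only safe for non-NULL input. */
static int is_newline_pattern_unguarded(const char *pat)
{
    return strcmp(pat, "\\n") == 0 && strlen(pat) == 2;
}

/* Guarded check: test the sentinel before any string function sees it. */
static int is_newline_pattern(const char *pat)
{
    return pat != NULL && strcmp(pat, "\\n") == 0;
}

/* Decide what a substitute would do. prev models the last substitute
 * pattern restored from a viminfo-style file; it may also be NULL. */
static enum sub_action plan_substitute(const char *pat, const char *prev)
{
    if (is_newline_pattern(pat))
        return SUB_NEWLINE_PATTERN;
    if (pat != NULL)
        return SUB_USE_GIVEN;
    return prev != NULL ? SUB_USE_PREVIOUS : SUB_ERR_NO_PATTERN;
}

int main(void)
{
    /* Constructed inputs; the third call mirrors the '&' case in the report. */
    printf("unguarded, non-NULL input: %d\n", is_newline_pattern_unguarded("\\n"));
    printf("explicit \\n pattern:       %d\n", plan_substitute("\\n", NULL));
    printf("NULL pat, saved pattern:   %d\n",
           plan_substitute(NULL, "\\<[A-Z][A-Z0-9]\\+\\>"));
    printf("NULL pat, nothing saved:   %d\n", plan_substitute(NULL, NULL));
    return 0;
}
```

The guarded path treats "no pattern and no saved pattern" as an explicit error result instead of letting a NULL pointer travel further into string handling.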
