On Sun, Oct 24, 2021 at 03:05:01PM -0500, Edgar Pettijohn wrote: > > On 10/24/21 10:11 AM, Klemens Nanni wrote: > >I fat fingered commands and it crashed. Here is a reproducer > >(files do not have to exist): > > > > $ vi foo > > :e > > :e bar > > :q! > > vi(12918) in free(): write after free 0xea559a2d980 > > Abort trap (core > > dumped) > > > >In words: open a file, open an empty file, open another file, exit > >forcefully. > > > >Here's a backtrace produced with a DEBUG='-g3 -O0' exectuable: > > > >#0 thrkill () at /tmp/-:3 > >3 /tmp/-: No such file or directory. > >#0 thrkill () at /tmp/-:3 > >#1 0x00000f8c41ddb78e in _libc_abort () at > >/usr/src/lib/libc/stdlib/abort.c:51 > >#2 0x00000f8c41d8e096 in wrterror (d=0xf8c0ff999e0, msg=0xf8c41d6c911 > >"write after free %p") at /usr/src/lib/libc/stdlib/malloc.c:307 > >#3 0x00000f8c41d8ee1a in ofree (argpool=0x7f7fffff3dc0, p=<optimized out>, > >clear=<optimized out>, check=<optimized out>, argsz=<optimized out>) at > >/usr/src/lib/libc/stdlib/malloc.c:1439 > >#4 0x00000f8c41d8e2db in free (ptr=0xf8bcf80a600) at > >/usr/src/lib/libc/stdlib/malloc.c:1470 > >#5 0x00000f89c487c803 in opts_free (sp=0xf8c03c1e7a0) at > >/usr/src/usr.bin/vi/build/../common/options.c:1096 > >#6 0x00000f89c4880936 in screen_end (sp=0xf8c03c1e7a0) at > >/usr/src/usr.bin/vi/build/../common/screen.c:192 > >#7 0x00000f89c489a013 in vi (spp=0x7f7fffff41d8) at > >/usr/src/usr.bin/vi/build/../vi/vi.c:257 > >#8 0x00000f89c4875a4b in editor (gp=0xf8c5dfc85f0, argc=1, > >argv=0x7f7fffff4320) at /usr/src/usr.bin/vi/build/../common/main.c:429 > >#9 0x00000f89c484566b in main (argc=2, argv=0x7f7fffff4318) at > >/usr/src/usr.bin/vi/build/../cl/cl_main.c:97 > > > > > >I have no time to look at this myself, feel free to take over. > > > If it helps to narrow this down I can't reproduce on 6.9
Are you sure? I'm seeing the issue on a 6.9 installation here.
