Re: Patch 7.4.2347

2016-09-11 Thread Bram Moolenaar

Dominique Pellé wrote:

> Bram Moolenaar wrote:
> >
> > Patch 7.4.2347
> > Problem:    Crash when closing a buffer while Visual mode is active.
> >             (Dominique Pelle)
> > Solution:   Adjust the position before computing the number of lines.
> >             When closing the current buffer stop Visual mode.
> > Files:      src/buffer.c, src/normal.c, src/testdir/test_normal.vim
> 
> Hi
> 
> Using vim-7.4.2361, I see the following bug discovered using
> afl-fuzz and which is a regression introduced by patch 7.4.2347:
> 
> $ cat <<EOF >bug.vim
> call setline(1, ['', 'a b', '', ''])
> call feedkeys("/b\", 'x')
> 1@
> bw!
> EOF
> 
> $ valgrind vim -u NONE -i NONE -S bug.vim -cq 2> log
> 
> ==15099== Memcheck, a memory error detector
> ==15099== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==15099== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
> ==15099== Command: vim -u NONE -N -S bug.vim -cq
> ==15099==
> ==15099== Invalid read of size 1
> ==15099==    at 0x4C97F0: utf_ptr2char (mbyte.c:1761)
> ==15099==    by 0x4E0046: adjust_cursor_eol (ops.c:3984)
> ==15099==    by 0x4116C0: do_buffer (buffer.c:1393)
> ==15099==    by 0x4119F2: do_bufdel (buffer.c:1089)
> ==15099==    by 0x45FA4F: ex_bunload (ex_docmd.c:5514)
> ==15099==    by 0x46808C: do_one_cmd (ex_docmd.c:2962)
> ==15099==    by 0x46808C: do_cmdline (ex_docmd.c:1110)
> ==15099==    by 0x45C651: do_source (ex_cmds2.c:4111)
> ==15099==    by 0x45D0BB: cmd_source (ex_cmds2.c:3724)
> ==15099==    by 0x46808C: do_one_cmd (ex_docmd.c:2962)
> ==15099==    by 0x46808C: do_cmdline (ex_docmd.c:1110)
> ==15099==    by 0x59B09B: exe_commands (main.c:2896)
> ==15099==    by 0x59B09B: vim_main2 (main.c:781)
> ==15099==    by 0x407B05: main (main.c:415)
> ==15099==  Address 0x76da9f1 is 1 bytes after a block of size 4,096 alloc'd
> ==15099==    at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
> ==15099==    by 0x4C242B: lalloc (misc2.c:942)
> ==15099==    by 0x59BC10: mf_alloc_bhdr.isra.3 (memfile.c:907)
> ==15099==    by 0x59C926: mf_new (memfile.c:381)
> ==15099==    by 0x4A87FF: ml_new_data (memline.c:3513)
> ==15099==    by 0x4AB1FC: ml_open (memline.c:400)
> ==15099==    by 0x4103E6: open_buffer (buffer.c:160)
> ==15099==    by 0x59AD01: create_windows (main.c:2668)
> ==15099==    by 0x59AD01: vim_main2 (main.c:704)
> ==15099==    by 0x407B05: main (main.c:415)
> ...snip...

Thanks.  It's not really a regression, but uncovering another problem.
The ":1@" changes the line number without correcting the column.

I tried writing a test, but since the "1@" command fails, and I can't
find another way of triggering the problem, I gave up on that.

-- 
The term "free software" is defined by Richard M. Stallman as
being software that isn't necessarily for free.  Confusing?
Let's call it "Stallman software" then!
-- Bram Moolenaar

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org///
 \\\help me help AIDS victims -- http://ICCF-Holland.org///

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
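
The cause given in the reply above (the line number changes while the column is not corrected), as an added C example that is not Vim's code and not part of the original messages. It is a minimal model with hypothetical names (`pos_T` is a stand-in struct; `goto_line_unchecked`, `clamp_pos` and `byte_at` are invented here) and constructed sample lines, showing the stale column going out of range and a clamp restoring a valid position.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model with hypothetical names; not Vim's data structures. */
typedef struct { size_t lnum; size_t col; } pos_T;   /* lnum is 1-based */

/* Constructed sample: the line contents set by the reproducer's setline(). */
static const char *lines[] = { "", "a b", "", "" };
static const size_t line_count = sizeof(lines) / sizeof(lines[0]);

/* A position is valid when the line exists and col is at most the NUL. */
int pos_is_valid(const pos_T *p)
{
    if (p->lnum < 1 || p->lnum > line_count)
        return 0;
    return p->col <= strlen(lines[p->lnum - 1]);
}

/* The defect: the line number changes, the column is left as it was. */
void goto_line_unchecked(pos_T *p, size_t lnum) { p->lnum = lnum; }

/* The correction: clamp line and column to the text that is really there. */
void clamp_pos(pos_T *p)
{
    size_t len;

    if (p->lnum < 1) p->lnum = 1;
    if (p->lnum > line_count) p->lnum = line_count;
    len = strlen(lines[p->lnum - 1]);
    if (p->col > len) p->col = len;
}

/* Byte under the cursor, or -1 instead of reading past the line. */
int byte_at(const pos_T *p)
{
    return pos_is_valid(p) ? (unsigned char)lines[p->lnum - 1][p->col] : -1;
}

int main(void)
{
    pos_T cur = { 2, 2 };            /* on the 'b' of "a b" */

    goto_line_unchecked(&cur, 1);    /* line 1 is empty, col is still 2 */
    if (byte_at(&cur) != -1) return 1;
    clamp_pos(&cur);                 /* col becomes 0 */
    return byte_at(&cur) == 0 ? 0 : 1;
}
```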


Patch 7.4.2347

2016-09-08 Thread Bram Moolenaar

Patch 7.4.2347
Problem:    Crash when closing a buffer while Visual mode is active.
            (Dominique Pelle)
Solution:   Adjust the position before computing the number of lines.
            When closing the current buffer stop Visual mode.
Files:      src/buffer.c, src/normal.c, src/testdir/test_normal.vim


*** ../vim-7.4.2346/src/buffer.c2016-09-04 23:41:36.973433429 +0200
--- src/buffer.c2016-09-08 23:31:18.260925052 +0200
***
*** 578,583 
--- 578,588 
  if (buf->b_ffname == NULL)
del_buf = TRUE;
  
+ /* When closing the current buffer stop Visual mode before freeing
+  * anything. */
+ if (buf == curbuf)
+   end_visual_mode();
+ 
  /*
   * Free all things allocated for this buffer.
   * Also calls the "BufDelete" autocommands when del_buf is TRUE.
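Review bot: The `if (buf == curbuf) end_visual_mode();` check added ahead of the "Free all things allocated for this buffer" block is repeated verbatim in the hunk at 1384, so when both paths run for the same buffer the call happens twice. Either the comment should state that end_visual_mode() is safe to call when Visual mode is already off, or the call should be guarded on Visual mode being active so the intent is explicit.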
***
*** 1379,1384 
--- 1384,1393 
}
}
  
+   /* When closing the current buffer stop Visual mode. */
+   if (buf == curbuf)
+   end_visual_mode();
+ 
/*
 * If deleting the last (listed) buffer, make it empty.
 * The last (listed) buffer cannot be unloaded.
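Review bot: The new `end_visual_mode()` call ahead of the "If deleting the last (listed) buffer" block runs with whatever cursor position the window currently holds, and nothing in this hunk validates that position first. The follow-up report in this thread shows an invalid read in adjust_cursor_eol reached from do_buffer (buffer.c:1393), with the cause given as a line number changed without correcting the column; validating the cursor line and column before the call would cover that case.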
*** ../vim-7.4.2346/src/normal.c2016-09-04 20:34:55.763537404 +0200
--- src/normal.c2016-09-08 23:35:06.131082221 +0200
***
*** 1609,1614 
--- 1609,1616 
oap->start = curwin->w_cursor;
}
  
+   /* Just in case lines were deleted that make the position invalid. */
+   check_pos(curwin->w_buffer, >end);
oap->line_count = oap->end.lnum - oap->start.lnum + 1;
  
  #ifdef FEAT_VIRTUALEDIT
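Review bot: The `check_pos()` call added before the `oap->line_count` computation validates only the end position, while the very next line also subtracts `oap->start.lnum`. If deleted lines can invalidate the end, the comment should explain why the start cannot be affected, or the start should get the same check.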
***
*** 9451,9460 
  #ifdef FEAT_MBYTE
  /* prevent from moving onto a trail byte */
  if (has_mbyte)
- {
-   check_pos(curwin->w_buffer, >end);
mb_adjustpos(curwin->w_buffer, >end);
- }
  #endif
  
  getvvcol(curwin, &(oap->start), >start_vcol, NULL, >end_vcol);
--- 9453,9459 
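Review bot: Removing `check_pos()` from the `has_mbyte` block leaves `mb_adjustpos()` operating on a position that this hunk no longer validates. The only replacement visible in the patch is the check added near line 1611, so a comment here naming where the position is guaranteed valid would make that dependency explicit.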
*** ../vim-7.4.2346/src/testdir/test_normal.vim 2016-09-06 20:37:38.206149358 
+0200
--- src/testdir/test_normal.vim 2016-09-08 23:23:15.304888249 +0200
***
*** 1998,2000 
--- 1998,2014 
" clean up
bw!
  endfu
+ 
+ func! Test_normal47_visual_buf_wipe()
+   " This was causing a crash or ml_get error.
+   enew!
+   call setline(1,'xxx')
+   normal $
+   new
+   call setline(1, range(1,2))
+   2
+   exe "norm \$"
+   bw!
+   norm yp
+   set nomodified
+ endfu
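Review bot: Test_normal47_visual_buf_wipe() contains no assertion, so it only fails if Vim crashes or raises an error such as the ml_get error its comment mentions. Adding a check after `bw!` that Visual mode has ended, and a final `bw!` for the buffer opened with `enew!`, would state the expected result and match the "clean up" step at the end of the preceding test.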
*** ../vim-7.4.2346/src/version.c   2016-09-08 22:10:04.753618339 +0200
--- src/version.c   2016-09-08 23:34:18.543465683 +0200
***
*** 765,766 
--- 765,768 
  {   /* Add new patch number below this line */
+ /**/
+ 2347,
  /**/

-- 
hundred-and-one symptoms of being an internet addict:
205. You're constantly yelling at your spouse, family, roommate, whatever,
 for using the phone for stupid things...like talking.

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org///
 \\\help me help AIDS victims -- http://ICCF-Holland.org///
