Re: Patch 7.4.2347
Dominique Pellé wrote:

> Bram Moolenaar wrote:
>
> > Patch 7.4.2347
> > Problem:    Crash when closing a buffer while Visual mode is active.
> >             (Dominique Pelle)
> > Solution:   Adjust the position before computing the number of lines.
> >             When closing the current buffer stop Visual mode.
> > Files:      src/buffer.c, src/normal.c, src/testdir/test_normal.vim
>
> Hi
>
> Using vim-7.4.2361, I see the following bug discovered using
> afl-fuzz and which is a regression introduced by patch 7.4.2347:
>
> $ cat <<EOF >bug.vim
> call setline(1, ['', 'a b', '', ''])
> call feedkeys("/b\", 'x')
> 1@
> bw!
> EOF
>
> $ valgrind vim -u NONE -i NONE -S bug.vim -cq 2> log
>
> ==15099== Memcheck, a memory error detector
> ==15099== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==15099== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
> ==15099== Command: vim -u NONE -N -S bug.vim -cq
> ==15099==
> ==15099== Invalid read of size 1
> ==15099==    at 0x4C97F0: utf_ptr2char (mbyte.c:1761)
> ==15099==    by 0x4E0046: adjust_cursor_eol (ops.c:3984)
> ==15099==    by 0x4116C0: do_buffer (buffer.c:1393)
> ==15099==    by 0x4119F2: do_bufdel (buffer.c:1089)
> ==15099==    by 0x45FA4F: ex_bunload (ex_docmd.c:5514)
> ==15099==    by 0x46808C: do_one_cmd (ex_docmd.c:2962)
> ==15099==    by 0x46808C: do_cmdline (ex_docmd.c:1110)
> ==15099==    by 0x45C651: do_source (ex_cmds2.c:4111)
> ==15099==    by 0x45D0BB: cmd_source (ex_cmds2.c:3724)
> ==15099==    by 0x46808C: do_one_cmd (ex_docmd.c:2962)
> ==15099==    by 0x46808C: do_cmdline (ex_docmd.c:1110)
> ==15099==    by 0x59B09B: exe_commands (main.c:2896)
> ==15099==    by 0x59B09B: vim_main2 (main.c:781)
> ==15099==    by 0x407B05: main (main.c:415)
> ==15099==  Address 0x76da9f1 is 1 bytes after a block of size 4,096 alloc'd
> ==15099==    at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
> ==15099==    by 0x4C242B: lalloc (misc2.c:942)
> ==15099==    by 0x59BC10: mf_alloc_bhdr.isra.3 (memfile.c:907)
> ==15099==    by 0x59C926: mf_new (memfile.c:381)
> ==15099==    by 0x4A87FF: ml_new_data (memline.c:3513)
> ==15099==    by 0x4AB1FC: ml_open (memline.c:400)
> ==15099==    by 0x4103E6: open_buffer (buffer.c:160)
> ==15099==    by 0x59AD01: create_windows (main.c:2668)
> ==15099==    by 0x59AD01: vim_main2 (main.c:704)
> ==15099==    by 0x407B05: main (main.c:415)
> ...snip...

Thanks. It's not really a regression, but uncovering another problem.
The ":1@" changes the line number without correcting the column.

I tried writing a test, but since the "1@" command fails, and I can't
find another way of triggering the problem, I gave up on that.

--
The term "free software" is defined by Richard M. Stallman as
being software that isn't necessarily for free. Confusing?
Let's call it "Stallman software" then!
-- Bram Moolenaar

/// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///

--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

---
You received this message because you are subscribed to the Google Groups "vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
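The failure described in the reply above (the line number changes while the column still points past the end of the new, shorter line) and a position check of the kind the patch relies on, as an added C example that is not Vim's code. The types pos_T and buf_T and the functions pos_valid, clamp_pos and char_at are a hypothetical toy model, and the sample buffer is constructed from the lines in the report.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical toy model, not Vim's structures: 1-based line, 0-based byte column. */
typedef struct { size_t lnum, col; } pos_T;
typedef struct { const char **lines; size_t count; } buf_T;   /* count >= 1 assumed */

/* A position is usable only if the line exists and col lies within it
 * (the terminating NUL counts, so an empty line allows col 0 only). */
int pos_valid(const buf_T *buf, pos_T pos)
{
    return pos.lnum >= 1 && pos.lnum <= buf->count
        && pos.col <= strlen(buf->lines[pos.lnum - 1]);
}

/* Clamp the position into the buffer; returns 1 when it had to be changed. */
int clamp_pos(const buf_T *buf, pos_T *pos)
{
    pos_T old = *pos;
    size_t len;

    if (pos->lnum < 1) pos->lnum = 1;
    if (pos->lnum > buf->count) pos->lnum = buf->count;
    len = strlen(buf->lines[pos->lnum - 1]);
    if (pos->col > len) pos->col = len;
    return old.lnum != pos->lnum || old.col != pos->col;
}

/* Read the byte under the position. Clamping first is what keeps the
 * index inside the line's allocation. */
int char_at(const buf_T *buf, pos_T pos)
{
    clamp_pos(buf, &pos);
    return (unsigned char)buf->lines[pos.lnum - 1][pos.col];
}

int main(void)
{
    /* Constructed sample: the four lines set up by the report's setline(). */
    const char *lines[] = { "", "a b", "", "" };
    buf_T buf = { lines, 4 };
    pos_T cur = { 2, 2 };                 /* on the "b" of line 2 */
    int changed;

    cur.lnum = 1;                         /* line changes, column is left stale */
    printf("valid before clamp: %d\n", pos_valid(&buf, cur));
    changed = clamp_pos(&buf, &cur);
    printf("clamped: %d -> (%zu,%zu)\n", changed, cur.lnum, cur.col);
    return 0;
}
```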
Patch 7.4.2347
Patch 7.4.2347 Problem:Crash when closing a buffer while Visual mode is active. (Dominique Pelle) Solution: Adjust the position before computing the number of lines. When closing the current buffer stop Visual mode. Files: src/buffer.c, src/normal.c, src/testdir/test_normal.vim *** ../vim-7.4.2346/src/buffer.c2016-09-04 23:41:36.973433429 +0200 --- src/buffer.c2016-09-08 23:31:18.260925052 +0200 *** *** 578,583 --- 578,588 if (buf->b_ffname == NULL) del_buf = TRUE; + /* When closing the current buffer stop Visual mode before freeing + * anything. */ + if (buf == curbuf) + end_visual_mode(); + /* * Free all things allocated for this buffer. * Also calls the "BufDelete" autocommands when del_buf is TRUE. *** *** 1379,1384 --- 1384,1393 } } + /* When closing the current buffer stop Visual mode. */ + if (buf == curbuf) + end_visual_mode(); + /* * If deleting the last (listed) buffer, make it empty. * The last (listed) buffer cannot be unloaded. *** ../vim-7.4.2346/src/normal.c2016-09-04 20:34:55.763537404 +0200 --- src/normal.c2016-09-08 23:35:06.131082221 +0200 *** *** 1609,1614 --- 1609,1616 oap->start = curwin->w_cursor; } + /* Just in case lines were deleted that make the position invalid. */ + check_pos(curwin->w_buffer, >end); oap->line_count = oap->end.lnum - oap->start.lnum + 1; #ifdef FEAT_VIRTUALEDIT *** *** 9451,9460 #ifdef FEAT_MBYTE /* prevent from moving onto a trail byte */ if (has_mbyte) - { - check_pos(curwin->w_buffer, >end); mb_adjustpos(curwin->w_buffer, >end); - } #endif getvvcol(curwin, &(oap->start), >start_vcol, NULL, >end_vcol); --- 9453,9459 *** ../vim-7.4.2346/src/testdir/test_normal.vim 2016-09-06 20:37:38.206149358 +0200 --- src/testdir/test_normal.vim 2016-09-08 23:23:15.304888249 +0200 *** *** 1998,2000 --- 1998,2014 " clean up bw! endfu + + func! Test_normal47_visual_buf_wipe() + " This was causing a crash or ml_get error. + enew! + call setline(1,'xxx') + normal $ + new + call setline(1, range(1,2)) + 2 + exe "norm \$" + bw! 
+ norm yp + set nomodified + endfu *** ../vim-7.4.2346/src/version.c 2016-09-08 22:10:04.753618339 +0200 --- src/version.c 2016-09-08 23:34:18.543465683 +0200 *** *** 765,766 --- 765,768 { /* Add new patch number below this line */ + /**/ + 2347, /**/

--
hundred-and-one symptoms of being an internet addict:
205. You're constantly yelling at your spouse, family, roommate, whatever,
for using the phone for stupid things...like talking.

/// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
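
Review bot: in both src/buffer.c hunks (at 578 and at 1379) the added "if (buf == curbuf) end_visual_mode();" is not guarded by a check that Visual mode is actually active. Either add that condition or say in the comment that the call is harmless when Visual mode is off. The same two lines now appear twice and only the first copy explains that the call has to come before anything is freed, so the second comment should carry the same reasoning.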
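
Review bot: in the src/normal.c hunk at 1609, check_pos() is applied to the end position only, yet the very next line subtracts oap->start.lnum, which is not validated in the visible lines. If deleted lines can invalidate the end they can invalidate the start as well, so check both or explain in the comment why the start is known to be good. The hunk at 9451 then drops its own check_pos() call and depends on this earlier one; a one-line comment there saying where the position was validated would keep the two sites from drifting apart.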
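
Review bot: Test_normal47_visual_buf_wipe() in src/testdir/test_normal.vim contains no assert call, so it passes whenever Vim does not crash. Its own comment says the bug could also show up as an ml_get error; clearing v:errmsg at the start and comparing it with '' through assert_equal() after "norm yp" would catch that case as well.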