Re: [patch] SEGV when autocmd BufUnload with bwipe

2016-09-04 Thread Bram Moolenaar

Hirohito Higashi wrote:

> 2016-9-4(Sun) 21:33:17 UTC+9 h_east:
> > Hi Bram and developers,
> > 
> > I checked in 7.4.2321
> > 
> >  Case 1 
> > How to reproduce:
> > - Create the following file:
> >   $ cat sample1.vim
> > edit a.txt
> > augroup sample
> >   autocmd!
> >   autocmd BufUnload  tabfirst | 2bwipeout!
> > augroup END
> > edit b.txt
> > 
> > - Run vanilla Vim with above script file
> >   $ vim -Nu NONE -S sample1.vim
> > 
> > Expected behavior:
> > SEGV does not occur.
> > 
> > Actual behavior:
> > SEGVed.
> > 
> > 
> > 
> >  Case 2 
> > How to reproduce:
> > - Create the following file:
> >   $ cat sample2.vim
> > setlocal buftype=nowrite
> > augroup sample
> >   autocmd!
> >   autocmd BufUnload  tabfirst | 2bwipeout
> > augroup END
> > normal! i1
> > edit a.txt
> > call feedkeys("\")
> > 
> > - Run vanilla Vim with above script file
> >   $ vim -Nu NONE -S sample2.vim
> > 
> > Expected behavior:
> > SEGV does not occur.
> > 
> > Actual behavior:
> > SEGVed.
> > 
> > 
> > I know these are rare cases and malicious scripts.
> > But it is not good to SEGV.
> > 
> > I wrote a patch.  --> `fix_autocmd_bufunload_with_bwipe.patch`
> > check it out.
> > I've also written a test.  --> `autocmd_bufunload_with_bwipe_test.patch`
> > Unfortunately, it did not SEGV in the pre-patch binary :-/
> > 
> > NOTE: This issue was reported by Norio Takagi.  (Thanks!)
> 
> My patch also fixed the following case.
> 
>  Case 3 
> How to reproduce:
> - Create the following file:
>   $ cat sample3.vim
> tabedit
> augroup sample
>   autocmd!
>   autocmd BufWinLeave  tabfirst
> augroup END
> :%!ls
> edit! a.txt
> normal! gt
> :%!ls
> call feedkeys("\q::q\")
> 
> 
> - Run vanilla Vim with above script file
>   $ vim -Nu NONE -S sample3.vim
> 
> Expected behavior:
> SEGV does not occur.
> 
> Actual behavior:
> SEGVed.

That can be simplified to:

tabedit
augroup sample
  autocmd!
  autocmd BufWinLeave  tabfirst
augroup END
call setline(1, ['a', 'b', 'c'])
edit! a.txt

It still crashes.  Need to check the window changed also for
BufWinLeave.

-- 
"Hit any key to continue" is very confusing when you have two keyboards.

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org///
 \\\help me help AIDS victims -- http://ICCF-Holland.org///

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [patch] SEGV when autocmd BufUnload with bwipe

2016-09-04 Thread Bram Moolenaar

Hirohito Higashi wrote:

> Hi Bram and developers,
> 
> I checked in 7.4.2321
> 
>  Case 1 
> How to reproduce:
> - Create the following file:
>   $ cat sample1.vim
> edit a.txt
> augroup sample
>   autocmd!
>   autocmd BufUnload  tabfirst | 2bwipeout!
> augroup END
> edit b.txt
> 
> - Run vanilla Vim with above script file
>   $ vim -Nu NONE -S sample1.vim
> 
> Expected behavior:
> SEGV does not occur.
> 
> Actual behavior:
> SEGVed.
> 
> 
> 
>  Case 2 
> How to reproduce:
> - Create the following file:
>   $ cat sample2.vim
> setlocal buftype=nowrite
> augroup sample
>   autocmd!
>   autocmd BufUnload  tabfirst | 2bwipeout
> augroup END
> normal! i1
> edit a.txt
> call feedkeys("\")
> 
> - Run vanilla Vim with above script file
>   $ vim -Nu NONE -S sample2.vim
> 
> Expected behavior:
> SEGV does not occur.
> 
> Actual behavior:
> SEGVed.
> 
> 
> I know these are rare cases and malicious scripts.
> But it is not good to SEGV.
> 
> I wrote a patch.  --> `fix_autocmd_bufunload_with_bwipe.patch`
> check it out.

I think we need a more drastic solution.  Autocommands wiping out a
buffer that we rely on should not happen.  We already had the b_closing
flag, let's turn that into a b_locked flag.

> I've also written a test.  --> `autocmd_bufunload_with_bwipe_test.patch`
> Unfortunately, it did not SEGV in the pre-patch binary :-/

That's because it deletes buffer 2, but in the test the buffer number
will be higher.  I managed to get the crash using bufnr('$') + 1.

> NOTE: This issue was reported by Norio Takagi.  (Thanks!)

-- 
You're as much use as a condom machine at the Vatican.
  -- Rimmer to Holly in Red Dwarf 'Queeg'

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org///
 \\\help me help AIDS victims -- http://ICCF-Holland.org///
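
The b_locked idea from the reply above, sketched as an added example; it is not Vim's source and not the patch from this thread. It models a buffer list where a wipe is refused while a caller still holds a lock. Only the name b_locked comes from the thread; buf_new, buf_find, buf_wipe, unload_buffer and wipe_buffer_2 are hypothetical.

```c
#include <stdlib.h>
/* Toy model, not Vim source: only the fields this example needs. */
typedef struct buf {
    int b_fnum;          /* buffer number */
    int b_locked;        /* > 0 while a caller still relies on this buffer */
    struct buf *next;
} buf_T;
static buf_T *first_buf = NULL;

static buf_T *buf_new(int fnum) {
    buf_T *b = calloc(1, sizeof(*b));
    if (b == NULL) abort();
    b->b_fnum = fnum;
    b->next = first_buf;
    return first_buf = b;          /* link at the head of the list */
}

static buf_T *buf_find(int fnum) {
    buf_T *b = first_buf;
    while (b != NULL && b->b_fnum != fnum) b = b->next;
    return b;
}

/* Models :bwipeout. Returns 1 if freed, 0 if missing or refused (locked). */
static int buf_wipe(int fnum) {
    buf_T **pp = &first_buf;
    while (*pp != NULL && (*pp)->b_fnum != fnum) pp = &(*pp)->next;
    if (*pp == NULL || (*pp)->b_locked > 0) return 0;
    buf_T *dead = *pp;
    *pp = dead->next;
    free(dead);
    return 1;
}

/* Models an unload path that runs a user callback before finishing its work. */
static int unload_buffer(buf_T *buf, int (*autocmd)(void), int *autocmd_wiped) {
    ++buf->b_locked;               /* the callback must not free buf under us */
    *autocmd_wiped = autocmd();
    --buf->b_locked;
    return buf_wipe(buf->b_fnum);  /* buf is still valid; now release it */
}

/* Constructed callback standing in for an autocommand that wipes buffer 2. */
static int wipe_buffer_2(void) { return buf_wipe(2); }

int main(void) {
    int by_autocmd;
    int freed = unload_buffer(buf_new(2), wipe_buffer_2, &by_autocmd);
    return (by_autocmd == 0 && freed == 1 && buf_find(2) == NULL) ? 0 : 1;
}
```

Without the lock, the callback would free the buffer and the read of `buf->b_fnum` afterwards would touch freed memory. The counter form is a choice made for this example so that nested callers can each hold the lock.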



Re: [patch] SEGV when autocmd BufUnload with bwipe

2016-09-04 Thread h_east
Hi Bram,

2016-9-4(Sun) 21:33:17 UTC+9 h_east:
> Hi Bram and developers,
> 
> I checked in 7.4.2321
> 
>  Case 1 
> How to reproduce:
> - Create the following file:
>   $ cat sample1.vim
> edit a.txt
> augroup sample
>   autocmd!
>   autocmd BufUnload  tabfirst | 2bwipeout!
> augroup END
> edit b.txt
> 
> - Run vanilla Vim with above script file
>   $ vim -Nu NONE -S sample1.vim
> 
> Expected behavior:
> SEGV does not occur.
> 
> Actual behavior:
> SEGVed.
> 
> 
> 
>  Case 2 
> How to reproduce:
> - Create the following file:
>   $ cat sample2.vim
> setlocal buftype=nowrite
> augroup sample
>   autocmd!
>   autocmd BufUnload  tabfirst | 2bwipeout
> augroup END
> normal! i1
> edit a.txt
> call feedkeys("\")
> 
> - Run vanilla Vim with above script file
>   $ vim -Nu NONE -S sample2.vim
> 
> Expected behavior:
> SEGV does not occur.
> 
> Actual behavior:
> SEGVed.
> 
> 
> I know these are rare cases and malicious scripts.
> But it is not good to SEGV.
> 
> I wrote a patch.  --> `fix_autocmd_bufunload_with_bwipe.patch`
> check it out.
> I've also written a test.  --> `autocmd_bufunload_with_bwipe_test.patch`
> Unfortunately, it did not SEGV in the pre-patch binary :-/
> 
> NOTE: This issue was reported by Norio Takagi.  (Thanks!)

My patch also fixed the following case.

 Case 3 
How to reproduce:
- Create the following file:
  $ cat sample3.vim
tabedit
augroup sample
  autocmd!
  autocmd BufWinLeave  tabfirst
augroup END
:%!ls
edit! a.txt
normal! gt
:%!ls
call feedkeys("\q::q\")


- Run vanilla Vim with above script file
  $ vim -Nu NONE -S sample3.vim

Expected behavior:
SEGV does not occur.

Actual behavior:
SEGVed.


Thanks.
--
Best regards,
Hirohito Higashi (a.k.a. h_east)
