Ответ на сообщение «Re: 2html.vim causes Vim to crash with a SIGSEGV?!», присланное в 20:09:39 11 сентября 2010, Суббота, отправитель Carlo:
Confirmed, but before crashing it prints
Error detected while processing command line:
E339: Pattern too long
Command:
LANG=C vim -u NONE -c 'execute ''/''.repeat(''a\|'', 9000)'
(removed unneeded options). In the help file it is mentioned that
this error may occur only on systems with 16 bit ints:
This only happens on systems with 16 bit ints: The compiled regexp pattern
is
longer than about 65000 characters. Try using a shorter pattern.
(message.txt, line
484)
And vim obviously should not crash.
Текст сообщения:
> On Sep 5, 3:33 am, Peter Odding <pe...@peterodding.com> wrote:
> > The regex is a 77 KB monstrosity that's supposed to match a predefined
> > set of strings in 2html.vim output and is complicated by the fact that
> > it also matches strings with embedded HTML tags. The regex is corrupt
> > because of a bug in my plug-in; I forgot to escape special characters
> > like [.
>
> I can reproduce this crash with a much simpler, valid, regex:
>
> $ vim -Ngfu NONE --noplugin -c "execute '/' . repeat('a\|', 9000) .
> 'a'"
> Vim: Caught deadly signal SEGV
>
> On my machine, it crashes with 9000 but not with 8000 repetitions.
>
> > I'm also attaching a backtrace from GDB and the output of Valgrind,
> > which tell me that Vim crashes because of a NULL pointer dereference at
> > regexp.c:4730 in the latest Vim 7.3 source. I've tried reasoning about
> > this but regmatch() is far too complex for my comprehension at the
> > moment :-)
>
> My backtrace is exactly the same:
>
> (gdb) bt
> #0 0x000000000055a545 in regmatch (scan=0x953cba "\003") at regexp.c:
> 4730
> #1 0x0000000000557dd5 in regtry (prog=0x953ca0, col=0) at regexp.c:
> 3711
> #2 0x0000000000557b9c in vim_regexec_both (line=0xabe7c0 "", col=0,
> tm=0x0) at regexp.c:3600
> #3 0x00000000005574c7 in vim_regexec (rmp=0x7fffffffdd00,
> line=0xabe7c0 "", col=0) at regexp.c:3347
> #4 0x00000000004b85cd in match_file_pat (pattern=0x0, prog=0x953ca0,
> fname=0xabe7c0 "", sfname=0x0, tail=
> 0xabe7c0 "", allow_dirs=0) at fileio.c:10003
> #5 0x00000000004b7bd2 in auto_next_pat (apc=0x7fffffffde50,
> stop_at_last=0) at fileio.c:9525
> #6 0x00000000004b77d8 in apply_autocmds_group (event=EVENT_VIMENTER,
> fname=0xabe7c0 "", fname_io=0x0, force=0,
> group=-3, buf=0x88c150, eap=0x0) at fileio.c:9358
> #7 0x00000000004b7108 in apply_autocmds (event=EVENT_VIMENTER,
> fname=0x0, fname_io=0x0, force=0, buf=0x88c150)
> at fileio.c:8994
> #8 0x00000000004d3973 in main (argc=6, argv=0x7fffffffe1e8) at main.c:
> 903
>
> Carlo
>
> (I attempted to post this message earlier but it somehow didn't make
> it through)
>
> > - Peter Odding
> >
> > [crash.vim5K ]function! s:VimCrashOnRegexEval(tags)
> > let patterns = []
> > let short = s:IgnoreHTML('s') . s:IgnoreHTML(':')
> > let long = s:IgnoreHTML('<') . s:IgnoreHTML('[Ss][Ii][Dd]') .
> > s:IgnoreHTML('>') let prefix = '\%(' . short . '\|' . long . '\)'
> > for name in a:tags
> > let tokens = [prefix]
> > for token in split(name, '\...@=\|\W\@<=')
> > " The bug in my original code was that I didn't escape special
> > pattern characters in " {token} before adding it to {tokens}, but that
> > doesn't mean Vim should crash :-( call add(tokens, s:IgnoreHTML(token))
> > endfor
> > call add(patterns, join(tokens, ''))
> > endfor
> > execute '/' . escape(join(patterns, '\|'), '~/')
> > endfunction
> >
> > function! s:IgnoreHTML(s)
> > return printf('\%%(<[^/][^>]*>%s</[^>]\+>\|%s\)', a:s, a:s)
> > endfunction
> >
> > call s:VimCrashOnRegexEval(['s:msg', 'g:loaded_publish',
> > 'foreach_window', 's:ei_save', \ 's:loaded_scripts', 'tex_fold_enabled',
> > 'g:timer_verbosity', '<Tab>', 'reload_colors', \
> > 'b:luainspect_syntax_error', 'g:easytags_resolve_links', 's:hif_save',
> > 'unresolve_scriptname', \ 'g:easytags_always_enabled', '<Home>',
> > 'session#get_names', 's:directory', 'session#save_cmd', \ 's:stal_save',
> > 'session#auto_dirty_check', 'persist_special_windows', '<C-Down>', \
> > 'b:luainspect_input', 'ignore_html', 's:ctags_filetypes',
> > 'session#close_cmd', 's:object_methods', \ 'xolox#timer#stop',
> > 'easytags#highlight', 'g:session_autoload', 'g:publish_omit_dothtml', \
> > 'save_plugin_window', 'netrw_hide', 'prep_cmdline', 's:cached_contents',
> > 'g:lua_inspect_internal', \ 'java_allow_cpp_keywords', 'open_at_cursor',
> > 'luainspect#make_request', 'library_call', \ 'xolox#debug',
> > 'publish#run_rsync', 'easytags#get_tagsfile', 's:script',
> > 'session#auto_load', \ 'g:reload_on_write', 'easytags#read_tagsfile',
> > 'publish#html_encode', '<Left>', 's:tagged_files', \ 'easytags#update',
> > 'xolox#path#absolute', 'easytags#map_filetypes', 'rename_variable', \
> > 'publish#rsync_check', 'tex_flavor', '<Right>', 's:lock_files',
> > 's:library_version', '<F11>', \ 'g:html_ignore_folding',
> > 's:has_reltime', 'g:html_number_lines', 'g:easytags_on_cursorhold', \
> > 'save_qflist', 'g:easytags_autorecurse', 'find_tagged_files',
> > 's:changed_path', 's:enoimpl', \ 'escape_tags', 'g:loaded_session',
> > 'xolox#timer#start', 'get_name', 'g:easytags_ignored_filetypes', \
> > 'xolox#shell#open_cmd', 'xolox#quote_pattern', 'xolox#shell#execute',
> > 'convert_value', \ 'xolox#unique', 'session#path_to_name', '<Esc>[A',
> > 'session#open_cmd', 'python_highlight_all', \ '<A-Right>',
> > 's:files_to_publish', 'define_default_styles', 's:supported_filetypes',
> > \ 'xolox#option#join', 's:loclist_to_window', 'session#delete_cmd',
> > '<Esc>[23~', 'session#save_state', \ '<Del>', 'vimsyn_noerror',
> > 'publish#find_tags', 'reload_indent', 'xolox#shell#open_with', \
> > 's:cached_filenames', 'xolox#reload#script', 'g:easytags_ctags_version',
> > 'g:html_use_css', \ 'clear_previous_matches', 'is_windows',
> > 'session#save_colors', 'select_name', \ 's:reload_script_active',
> > 'session_is_locked', 'session#auto_unlock', 'set_tagged_files', \
> > 'publish#create_subst_cmd', 'jump_to_window', 's:smd_save',
> > 'g:xolox_message_buffer', \ 'xolox#option#split_tags', 'g:easytags_cmd',
> > 'xolox#path#equals', '<C-Up>', 'xolox#path#join', \ 'xolox#warning',
> > 's:hnl_save', 's:mls_save', 's:reloading_buffers', 's:aliases', \
> > 'xolox#shell#fullscreen', 's:vim_filetypes', 'b:luainspect_warnings',
> > 'cache_tagged_files', \ 'easytags#autoload', 's:fullscreen_enabled',
> > 'session#save_session', '<A-Left>', 'xolox#message', \ 's:units',
> > 'session#restart_cmd', 'g:timer_enabled', 's:contact',
> > 'easytags#define_tagkind', \ 'xolox#path#decode', '***', 'handle_error',
> > 'reload_ftplugin', 'g:lua_inspect_warnings', \ 's:session_is_dirty',
> > 'xolox#shell#open_url', 'parse_scriptnames', 'session#save_features', \
> > 'check_output', 'session#complete_names', '<C-S-PageUp>',
> > 'xolox#path#relative', '<F3>', \ 'b:easytags_last_highlighted',
> > 'reload_message', 'update_warnings', 's:canonical_aliases', \
> > 'reload_plugin', 's:go_toggled', 'publish#customize_html',
> > 'g:shell_open_cmds', 'check_cfile', \ 'run_ctags', '<C-S-PageDown>',
> > 'g:loaded_luainspect', 'xolox#timer#format_timespan', \
> > 'luainspect#highlight_cmd', 'xolox#reload#open_readonly',
> > 'easytags#to_ctags_ft', 'pattern_to_lnum', \ 'unlock_session',
> > 'c_syntax_for_h', 'g:shell_fullscreen_items',
> > 's:current_source_directory', \ 'publish#create_dirs',
> > 'reload_autoload', 'prepare_search_path', 's:viml_sl_prefix',
> > 's:ruler_save', \ 'is_bash', 'xolox#reload#windows', 'g:loaded_pyref',
> > 's:cpo_save', 'has_dll', 'xolox#path#tempdir', \ 'g:lua_inspect_events',
> > 's:auto_reload_active', 'xolox#option#join_tags', 'highlight_variables',
> > \ 'xolox#escape#pattern', 'easytags#file_has_tags', 'check_filetype',
> > 's:scripttypes', \ 'script_sourced', 'b:luainspect_disabled',
> > 'luainspect#auto_enable', '<c-]>', '<F5>', \ 'session#view_cmd',
> > 'xolox#path#commonprefix', 'g:easytags_include_members',
> > 'g:session_autosave', \ 'lock_session', 's:more_save', 's:huc_save',
> > 'easytags#alias_filetypes', 'g:pyref_browser', \
> > 'g:publish_viml_sl_hack', 's:tempdir_counter',
> > 'easytags#supported_filetypes', \ 'easytags#add_tagged_file',
> > 'unescape_tags', 'filter_merge_tags', 'b:luainspect_output', \
> > 'g:xolox_messages', 'xolox#shell#highlight_urls', 'session#auto_save',
> > 'find_dll_version', \ 's:window_to_info', 'b:easytags_nohl',
> > 'easytags#write_tagsfile', 'g:loaded_easytags', \ 'reload_buffers',
> > '<F6>', 'reload_syntax', 'xolox#shell#is_fullscreen',
> > 'publish#prep_env', \ 's:groups', '<BS>', 'highlight_position',
> > 's:tagkinds', 's:cached_layouts', 's:saved_qflist', \
> > 'session#name_to_path', 'balloon_syntax', 'parse_text',
> > 'xolox#path#merge', 'g:pyref_mapping', \ 'publish#resolve_files',
> > 'session#save_fullscreen', 'g:shell_mappings_enabled',
> > 'xolox#path#encode', \ 'reload_window', 'clear_message',
> > 'xolox#escape#substitute', 'easytags#to_vim_ft', \ 'xolox#option#split',
> > 's:tags_to_publish', '...', 's:windows_compatible',
> > 'g:publish_plaintext', \ 'foreach_tabpage', 'xolox#shell#build_cmd',
> > 'session#save_qflist', 'xolox#path#split'])
> >
> > [gdb.txt1K ]pe...@laptop> gdb --args /usr/local/bin/gvim -fu NONE
> > --noplugin -NS crash.vim GNU gdb (GDB) 7.0-ubuntu
> > Copyright (C) 2009 Free Software Foundation, Inc.
> > License GPLv3+: GNU GPL version 3 or later
> > <http://gnu.org/licenses/gpl.html> This is free software: you are free
> > to change and redistribute it. There is NO WARRANTY, to the extent
> > permitted by law. Type "show copying" and "show warranty" for details.
> > This GDB was configured as "x86_64-linux-gnu".
> > For bug reporting instructions, please see:
> > <http://www.gnu.org/software/gdb/bugs/>...
> > Reading symbols from /usr/local/bin/gvim...done.
> > (gdb) r
> > Starting program: /usr/local/bin/gvim -fu NONE --noplugin -NS crash.vim
> > [Thread debugging using libthread_db enabled]
> >
> > (gvim:4029): GLib-WARNING **: g_set_prgname() called multiple times
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x0000000000564107 in regmatch (scan=0x97743a "\003") at regexp.c:4730
> > 4730 if (OP(next) != BRANCH) /* No choice. */
> > (gdb) where
> > #0 0x0000000000564107 in regmatch (scan=0x97743a "\003") at
> > regexp.c:4730 #1 0x0000000000561c50 in regtry (prog=0x977420, col=0) at
> > regexp.c:3711 #2 0x0000000000561a17 in vim_regexec_both (line=0xb93d50
> > "", col=0, tm=0x0) at regexp.c:3600 #3 0x0000000000561342 in
> > vim_regexec (rmp=0x7fffffffdf30, line=0xb93d50 "", col=0) at
> > regexp.c:3347 #4 0x00000000004c0d5d in match_file_pat (pattern=0x0,
> > prog=0x977420, fname=0xb93d50 "", sfname=0x0, tail=0xb93d50 "",
> > allow_dirs=0) at fileio.c:10003 #5 0x00000000004c035e in auto_next_pat
> > (apc=0x7fffffffe080, stop_at_last=0) at fileio.c:9525 #6
> > 0x00000000004bff4a in apply_autocmds_group (event=EVENT_VIMENTER,
> > fname=0xb93d50 "", fname_io=0x0, force=0, group=-3, buf=0x8a1990,
> > eap=0x0) at fileio.c:9358 #7 0x00000000004bf860 in apply_autocmds
> > (event=EVENT_VIMENTER, fname=0x0, fname_io=0x0, force=0, buf=0x8a1990)
> > at fileio.c:8994 #8 0x00000000004dc1dc in main (argc=6,
> > argv=0x7fffffffe438) at main.c:903
> >
> > valgrind.log
> > 3KViewDownload
signature.asc
Description: This is a digitally signed message part.
