Ответ на сообщение «Re: 2html.vim causes Vim to crash with a SIGSEGV?!», присланное в 20:09:39 11 сентября 2010, Суббота, отправитель Carlo:
Confirmed, but before crashing it prints Error detected while processing command line: E339: Pattern too long Command: LANG=C vim -u NONE -c 'execute ''/''.repeat(''a\|'', 9000)' (removed unneeded options). In the help file it is mentioned that this error may occur only on systems with 16 bit ints: This only happens on systems with 16 bit ints: The compiled regexp pattern is longer than about 65000 characters. Try using a shorter pattern. (message.txt, line 484) And vim obviously should not crash. Текст сообщения: > On Sep 5, 3:33 am, Peter Odding <pe...@peterodding.com> wrote: > > The regex is a 77 KB monstrosity that's supposed to match a predefined > > set of strings in 2html.vim output and is complicated by the fact that > > it also matches strings with embedded HTML tags. The regex is corrupt > > because of a bug in my plug-in; I forgot to escape special characters > > like [. > > I can reproduce this crash with a much simpler, valid, regex: > > $ vim -Ngfu NONE --noplugin -c "execute '/' . repeat('a\|', 9000) . > 'a'" > Vim: Caught deadly signal SEGV > > On my machine, it crashes with 9000 but not with 8000 repetitions. > > > I'm also attaching a backtrace from GDB and the output of Valgrind, > > which tell me that Vim crashes because of a NULL pointer dereference at > > regexp.c:4730 in the latest Vim 7.3 source. I've tried reasoning about > > this but regmatch() is far too complex for my comprehension at the > > moment :-) > > My backtrace is exactly the same: > > (gdb) bt > #0 0x000000000055a545 in regmatch (scan=0x953cba "\003") at regexp.c: > 4730 > #1 0x0000000000557dd5 in regtry (prog=0x953ca0, col=0) at regexp.c: > 3711 > #2 0x0000000000557b9c in vim_regexec_both (line=0xabe7c0 "", col=0, > tm=0x0) at regexp.c:3600 > #3 0x00000000005574c7 in vim_regexec (rmp=0x7fffffffdd00, > line=0xabe7c0 "", col=0) at regexp.c:3347 > #4 0x00000000004b85cd in match_file_pat (pattern=0x0, prog=0x953ca0, > fname=0xabe7c0 "", sfname=0x0, tail= > 0xabe7c0 "", allow_dirs=0) at fileio.c:10003 > #5 0x00000000004b7bd2 in auto_next_pat (apc=0x7fffffffde50, > stop_at_last=0) at fileio.c:9525 > #6 0x00000000004b77d8 in apply_autocmds_group (event=EVENT_VIMENTER, > fname=0xabe7c0 "", fname_io=0x0, force=0, > group=-3, buf=0x88c150, eap=0x0) at fileio.c:9358 > #7 0x00000000004b7108 in apply_autocmds (event=EVENT_VIMENTER, > fname=0x0, fname_io=0x0, force=0, buf=0x88c150) > at fileio.c:8994 > #8 0x00000000004d3973 in main (argc=6, argv=0x7fffffffe1e8) at main.c: > 903 > > Carlo > > (I attempted to post this message earlier but it somehow didn't make > it through) > > > - Peter Odding > > > > [crash.vim5K ]function! s:VimCrashOnRegexEval(tags) > > let patterns = [] > > let short = s:IgnoreHTML('s') . s:IgnoreHTML(':') > > let long = s:IgnoreHTML('<') . s:IgnoreHTML('[Ss][Ii][Dd]') . > > s:IgnoreHTML('>') let prefix = '\%(' . short . '\|' . long . '\)' > > for name in a:tags > > let tokens = [prefix] > > for token in split(name, '\...@=\|\W\@<=') > > " The bug in my original code was that I didn't escape special > > pattern characters in " {token} before adding it to {tokens}, but that > > doesn't mean Vim should crash :-( call add(tokens, s:IgnoreHTML(token)) > > endfor > > call add(patterns, join(tokens, '')) > > endfor > > execute '/' . escape(join(patterns, '\|'), '~/') > > endfunction > > > > function! s:IgnoreHTML(s) > > return printf('\%%(<[^/][^>]*>%s</[^>]\+>\|%s\)', a:s, a:s) > > endfunction > > > > call s:VimCrashOnRegexEval(['s:msg', 'g:loaded_publish', > > 'foreach_window', 's:ei_save', \ 's:loaded_scripts', 'tex_fold_enabled', > > 'g:timer_verbosity', '<Tab>', 'reload_colors', \ > > 'b:luainspect_syntax_error', 'g:easytags_resolve_links', 's:hif_save', > > 'unresolve_scriptname', \ 'g:easytags_always_enabled', '<Home>', > > 'session#get_names', 's:directory', 'session#save_cmd', \ 's:stal_save', > > 'session#auto_dirty_check', 'persist_special_windows', '<C-Down>', \ > > 'b:luainspect_input', 'ignore_html', 's:ctags_filetypes', > > 'session#close_cmd', 's:object_methods', \ 'xolox#timer#stop', > > 'easytags#highlight', 'g:session_autoload', 'g:publish_omit_dothtml', \ > > 'save_plugin_window', 'netrw_hide', 'prep_cmdline', 's:cached_contents', > > 'g:lua_inspect_internal', \ 'java_allow_cpp_keywords', 'open_at_cursor', > > 'luainspect#make_request', 'library_call', \ 'xolox#debug', > > 'publish#run_rsync', 'easytags#get_tagsfile', 's:script', > > 'session#auto_load', \ 'g:reload_on_write', 'easytags#read_tagsfile', > > 'publish#html_encode', '<Left>', 's:tagged_files', \ 'easytags#update', > > 'xolox#path#absolute', 'easytags#map_filetypes', 'rename_variable', \ > > 'publish#rsync_check', 'tex_flavor', '<Right>', 's:lock_files', > > 's:library_version', '<F11>', \ 'g:html_ignore_folding', > > 's:has_reltime', 'g:html_number_lines', 'g:easytags_on_cursorhold', \ > > 'save_qflist', 'g:easytags_autorecurse', 'find_tagged_files', > > 's:changed_path', 's:enoimpl', \ 'escape_tags', 'g:loaded_session', > > 'xolox#timer#start', 'get_name', 'g:easytags_ignored_filetypes', \ > > 'xolox#shell#open_cmd', 'xolox#quote_pattern', 'xolox#shell#execute', > > 'convert_value', \ 'xolox#unique', 'session#path_to_name', '<Esc>[A', > > 'session#open_cmd', 'python_highlight_all', \ '<A-Right>', > > 's:files_to_publish', 'define_default_styles', 's:supported_filetypes', > > \ 'xolox#option#join', 's:loclist_to_window', 'session#delete_cmd', > > '<Esc>[23~', 'session#save_state', \ '<Del>', 'vimsyn_noerror', > > 'publish#find_tags', 'reload_indent', 'xolox#shell#open_with', \ > > 's:cached_filenames', 'xolox#reload#script', 'g:easytags_ctags_version', > > 'g:html_use_css', \ 'clear_previous_matches', 'is_windows', > > 'session#save_colors', 'select_name', \ 's:reload_script_active', > > 'session_is_locked', 'session#auto_unlock', 'set_tagged_files', \ > > 'publish#create_subst_cmd', 'jump_to_window', 's:smd_save', > > 'g:xolox_message_buffer', \ 'xolox#option#split_tags', 'g:easytags_cmd', > > 'xolox#path#equals', '<C-Up>', 'xolox#path#join', \ 'xolox#warning', > > 's:hnl_save', 's:mls_save', 's:reloading_buffers', 's:aliases', \ > > 'xolox#shell#fullscreen', 's:vim_filetypes', 'b:luainspect_warnings', > > 'cache_tagged_files', \ 'easytags#autoload', 's:fullscreen_enabled', > > 'session#save_session', '<A-Left>', 'xolox#message', \ 's:units', > > 'session#restart_cmd', 'g:timer_enabled', 's:contact', > > 'easytags#define_tagkind', \ 'xolox#path#decode', '***', 'handle_error', > > 'reload_ftplugin', 'g:lua_inspect_warnings', \ 's:session_is_dirty', > > 'xolox#shell#open_url', 'parse_scriptnames', 'session#save_features', \ > > 'check_output', 'session#complete_names', '<C-S-PageUp>', > > 'xolox#path#relative', '<F3>', \ 'b:easytags_last_highlighted', > > 'reload_message', 'update_warnings', 's:canonical_aliases', \ > > 'reload_plugin', 's:go_toggled', 'publish#customize_html', > > 'g:shell_open_cmds', 'check_cfile', \ 'run_ctags', '<C-S-PageDown>', > > 'g:loaded_luainspect', 'xolox#timer#format_timespan', \ > > 'luainspect#highlight_cmd', 'xolox#reload#open_readonly', > > 'easytags#to_ctags_ft', 'pattern_to_lnum', \ 'unlock_session', > > 'c_syntax_for_h', 'g:shell_fullscreen_items', > > 's:current_source_directory', \ 'publish#create_dirs', > > 'reload_autoload', 'prepare_search_path', 's:viml_sl_prefix', > > 's:ruler_save', \ 'is_bash', 'xolox#reload#windows', 'g:loaded_pyref', > > 's:cpo_save', 'has_dll', 'xolox#path#tempdir', \ 'g:lua_inspect_events', > > 's:auto_reload_active', 'xolox#option#join_tags', 'highlight_variables', > > \ 'xolox#escape#pattern', 'easytags#file_has_tags', 'check_filetype', > > 's:scripttypes', \ 'script_sourced', 'b:luainspect_disabled', > > 'luainspect#auto_enable', '<c-]>', '<F5>', \ 'session#view_cmd', > > 'xolox#path#commonprefix', 'g:easytags_include_members', > > 'g:session_autosave', \ 'lock_session', 's:more_save', 's:huc_save', > > 'easytags#alias_filetypes', 'g:pyref_browser', \ > > 'g:publish_viml_sl_hack', 's:tempdir_counter', > > 'easytags#supported_filetypes', \ 'easytags#add_tagged_file', > > 'unescape_tags', 'filter_merge_tags', 'b:luainspect_output', \ > > 'g:xolox_messages', 'xolox#shell#highlight_urls', 'session#auto_save', > > 'find_dll_version', \ 's:window_to_info', 'b:easytags_nohl', > > 'easytags#write_tagsfile', 'g:loaded_easytags', \ 'reload_buffers', > > '<F6>', 'reload_syntax', 'xolox#shell#is_fullscreen', > > 'publish#prep_env', \ 's:groups', '<BS>', 'highlight_position', > > 's:tagkinds', 's:cached_layouts', 's:saved_qflist', \ > > 'session#name_to_path', 'balloon_syntax', 'parse_text', > > 'xolox#path#merge', 'g:pyref_mapping', \ 'publish#resolve_files', > > 'session#save_fullscreen', 'g:shell_mappings_enabled', > > 'xolox#path#encode', \ 'reload_window', 'clear_message', > > 'xolox#escape#substitute', 'easytags#to_vim_ft', \ 'xolox#option#split', > > 's:tags_to_publish', '...', 's:windows_compatible', > > 'g:publish_plaintext', \ 'foreach_tabpage', 'xolox#shell#build_cmd', > > 'session#save_qflist', 'xolox#path#split']) > > > > [gdb.txt1K ]pe...@laptop> gdb --args /usr/local/bin/gvim -fu NONE > > --noplugin -NS crash.vim GNU gdb (GDB) 7.0-ubuntu > > Copyright (C) 2009 Free Software Foundation, Inc. > > License GPLv3+: GNU GPL version 3 or later > > <http://gnu.org/licenses/gpl.html> This is free software: you are free > > to change and redistribute it. There is NO WARRANTY, to the extent > > permitted by law. Type "show copying" and "show warranty" for details. > > This GDB was configured as "x86_64-linux-gnu". > > For bug reporting instructions, please see: > > <http://www.gnu.org/software/gdb/bugs/>... > > Reading symbols from /usr/local/bin/gvim...done. > > (gdb) r > > Starting program: /usr/local/bin/gvim -fu NONE --noplugin -NS crash.vim > > [Thread debugging using libthread_db enabled] > > > > (gvim:4029): GLib-WARNING **: g_set_prgname() called multiple times > > > > Program received signal SIGSEGV, Segmentation fault. > > 0x0000000000564107 in regmatch (scan=0x97743a "\003") at regexp.c:4730 > > 4730 if (OP(next) != BRANCH) /* No choice. */ > > (gdb) where > > #0 0x0000000000564107 in regmatch (scan=0x97743a "\003") at > > regexp.c:4730 #1 0x0000000000561c50 in regtry (prog=0x977420, col=0) at > > regexp.c:3711 #2 0x0000000000561a17 in vim_regexec_both (line=0xb93d50 > > "", col=0, tm=0x0) at regexp.c:3600 #3 0x0000000000561342 in > > vim_regexec (rmp=0x7fffffffdf30, line=0xb93d50 "", col=0) at > > regexp.c:3347 #4 0x00000000004c0d5d in match_file_pat (pattern=0x0, > > prog=0x977420, fname=0xb93d50 "", sfname=0x0, tail=0xb93d50 "", > > allow_dirs=0) at fileio.c:10003 #5 0x00000000004c035e in auto_next_pat > > (apc=0x7fffffffe080, stop_at_last=0) at fileio.c:9525 #6 > > 0x00000000004bff4a in apply_autocmds_group (event=EVENT_VIMENTER, > > fname=0xb93d50 "", fname_io=0x0, force=0, group=-3, buf=0x8a1990, > > eap=0x0) at fileio.c:9358 #7 0x00000000004bf860 in apply_autocmds > > (event=EVENT_VIMENTER, fname=0x0, fname_io=0x0, force=0, buf=0x8a1990) > > at fileio.c:8994 #8 0x00000000004dc1dc in main (argc=6, > > argv=0x7fffffffe438) at main.c:903 > > > > valgrind.log > > 3KViewDownload
signature.asc
Description: This is a digitally signed message part.