Björn Winckler wrote:
> I received a report on Vim crashing on the MacVim issue tracker [1]
> and since I could reproduce the problem I decided to try to track it
> down.
>
> The problem is a NULL point access in plines_win_col(), specifically the call
>
> s = ml_get_buf(wp->w_buffer, lnum, FALSE);
>
> is done when w_buffer is NULL and ml_get_buf() assumes its first
> parameter to be non-NULL.
>
> I did a git-bisect and found that the following commit introduced the problem:
>
> updated for version 7.3.306
> Problem: When closing a window there is a chance that deleting
> a scrollbar
> triggers a GUI resize, which uses the window while it is not in a
> valid state.
> Solution: Set the buffer pointer to NULL to be able to detect the
> invalid
> situation. Fix a few places that used the buffer pointer
> incorrectly.
>
> My take on this is that this commit is very dangerous. Some places in
> the code (like the one above) assumes that wp->w_buffer always is
> non-NULL but after 7.3.306 this is no longer the case. Since I don't
> think I'll be able to spot all places where this assumption is made I
> decided against trying to write a patch and instead ask what to do
> about this: revert 7.3.306 or try to fix all places in the code that
> it breaks?
>
> For reference I've pasted the backtrace from the crash below.
The reason to put NULL in this pointer is that otherwise an invalid
pointer would be used. Now you can see where the NULL is used and find
out why this happens and solve the problem. Previously these problems
were very hard to debug.
You will have to put in checks for w_buffer being null, and bailing out
early. Especially in event handlers, e.g. for window resizing.
It should not be needed in all places where w_buffer is used.
--
LAUNCELOT leaps into SHOT with a mighty cry and runs the GUARD through and
hacks him to the floor. Blood. Swashbuckling music (perhaps).
LAUNCELOT races through into the castle screaming.
SECOND SENTRY: Hey!
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
