Tue, 20 Dec 2011 11:14:15 -0800 

Hi

Vim-7.3.382 (tiny) built with -DEXITFREE crashes when exiting.
It happens when FEAT_WINDOW is is not enabled.

Steps to reproduce:

1/ Make sure -DEXITFREE is not commented in vim/src/Makefile

2/ $ cd vim
   $ ./configure --with-features=tiny
   $ make
   $ cd src
   $ ./vim -u NONE -c q
   Vim: Caught deadly signal SEGV


Program terminated with signal 11, Segmentation fault.
#0  0x00007fcb167ab7e7 in kill () from /lib64/libc.so.6
(gdb) bt
#0  0x00007fcb167ab7e7 in kill () from /lib64/libc.so.6
#1  0x000000000047502b in may_core_dump () at os_unix.c:3150
#2  0x0000000000474fd5 in mch_exit (r=1) at os_unix.c:3116
#3  0x00000000004b5b41 in getout (exitval=1) at main.c:1435
#4  0x000000000044a50e in preserve_exit () at misc1.c:8725
#5  0x00000000004740c5 in deathtrap (sigarg=11) at os_unix.c:1097
#6  <signal handler called>
#7  0x0000000000409c2a in close_buffer (win=0x0, buf=0x7e0070,
action=4) at buffer.c:423
#8  0x000000000044beb0 in free_all_mem () at misc2.c:1176
#9  0x0000000000474fec in mch_exit (r=0) at os_unix.c:3138
#10 0x00000000004b5b41 in getout (exitval=0) at main.c:1435
#11 0x0000000000420abd in ex_quit (eap=0x7fff958f87b0) at ex_docmd.c:6456
#12 0x000000000041dc76 in do_one_cmd (cmdlinep=0x7fff958f88d8,
sourcing=1, fgetline=0, cookie=0x0)
    at ex_docmd.c:2668
#13 0x000000000041c6b9 in do_cmdline (cmdline=0x7fff958fa2b9 "q",
fgetline=0, cookie=0x0, flags=11)
    at ex_docmd.c:1122
#14 0x000000000041c3f7 in do_cmdline_cmd (cmd=0x7fff958fa2b9 "q") at
ex_docmd.c:727
#15 0x00000000004b6f51 in exe_commands (parmp=0x7fff958f8970) at main.c:2811
#16 0x00000000004b577a in main (argc=5, argv=0x7fff958f8b68) at main.c:884


The 'win' pointer is NULL in buffer.c:423:

#7  0x0000000000409c2a in close_buffer (win=0x0, buf=0x7e0070,
action=4) at buffer.c:423
423         win->w_buffer == buf)
(gdb) list
418     buf_freeall(buf, (del_buf ? BFA_DEL : 0) + (wipe_buf ? BFA_WIPE : 0));
419     if (
420 #ifdef FEAT_WINDOWS
421   win_valid(win) &&
422 #endif
423         win->w_buffer == buf)
424   win->w_buffer = NULL;  /* make sure we don't use the buffer now */
425
426 #ifdef FEAT_AUTOCMD
427     /* Autocommands may have deleted the buffer. */
(gdb) p win
$1 = (win_T *) 0x0

Note that 'win' was checked for NULL a few lines above at line but
not where it crashes. The lines where it crashes where introduced
in Vim-7.3.312.

Attached patch fixes it.

Regards
-- Dominique

-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

diff -r 601dffb4a18c src/buffer.c
--- a/src/buffer.c	Thu Dec 15 21:51:36 2011 +0100
+++ b/src/buffer.c	Tue Dec 20 20:07:56 2011 +0100
@@ -419,6 +419,8 @@
     if (
 #ifdef FEAT_WINDOWS
 	win_valid(win) &&
+#else
+	win != NULL &&
 #endif
 			  win->w_buffer == buf)
 	win->w_buffer = NULL;  /* make sure we don't use the buffer now */
  • [no subject] Dominique Pellé
    • Re: Bram Moolenaar

Raspunde prin e-mail lui