Hi

I noticed a crash in Vim-7.4.244 that is easy to reproduce:

$ vim -u NONE -N -c '&&'
Vim: Caught deadly signal SEGV
Vim: Finished.
Segmentation fault (core dumped)

(see :help :s_flags for description of :&&)

Bug is introduced by this recent patch:
changeset: 5792:8d1ba0a23588
tag: v7-4-240
user: Bram Moolenaar <[email protected]>
date: Wed Apr 02 17:19:04 2014 +0200
files: src/tag.c src/version.c
description:
updated for version 7.4.240
Problem: ":tjump" shows "\n" as "\\n".
Solution: Skip over "\" that escapes a backslash. (Gary Johnson)
(gdb) bt
#0 0x00007f035583c707 in kill () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00000000004d4297 in may_core_dump () at os_unix.c:3358
#2 0x00000000004d5ce3 in mch_exit (r=1) at os_unix.c:3324
#3 0x000000000055836b in getout (exitval=1) at main.c:1500
#4 0x00000000004a4dcc in preserve_exit () at misc1.c:9166
#5 0x00000000004d4d25 in deathtrap (sigarg=11) at os_unix.c:1121
#6 <signal handler called>
#7 do_sub (eap=0x7ffffd8623a0) at ex_cmds.c:4428
#8 0x0000000000458618 in do_one_cmd (cookie=0x7ffffd862ae0,
fgetline=0x44d42a <getsourceline>, cstack=0x7ffffd862540, sourcing=1,
cmdlinep=0x7ffffd862510) at ex_docmd.c:2701
#9 do_cmdline (cmdline=<optimized out>, fgetline=0x44d42a
<getsourceline>, cookie=0x7ffffd862ae0, flags=7) at ex_docmd.c:1126
#10 0x000000000044dca0 in do_source (fname=0xcbf6e4 "vim.h",
check_other=<optimized out>, is_vimrc=<optimized out>) at
ex_cmds2.c:3312
#11 0x000000000044df12 in cmd_source (fname=0xcbf6e4 "vim.h",
eap=<optimized out>) at ex_cmds2.c:2921
#12 0x000000000044df46 in ex_source (eap=<optimized out>) at ex_cmds2.c:2894
#13 0x0000000000458618 in do_one_cmd (cookie=0x0, fgetline=0x0,
cstack=0x7ffffd862e60, sourcing=1, cmdlinep=0x7ffffd862e30) at
ex_docmd.c:2701
#14 do_cmdline (cmdline=<optimized out>, fgetline=0x0, cookie=0x0,
flags=11) at ex_docmd.c:1126
#15 0x0000000000459d86 in do_cmdline_cmd (cmd=<optimized out>) at ex_docmd.c:731
#16 0x000000000055b994 in exe_commands (parmp=0x7ffffd8633e0) at main.c:2894
#17 main (argc=<optimized out>, argv=<optimized out>) at main.c:936
...
(gdb) up
#7 do_sub (eap=0x7ffffd8623a0) at ex_cmds.c:4428
(gdb) p pat
$2 = (char_u *) 0x0

Attached patch fixes it by checking that 'pat' is not NULL.
I also removed the condition "STRLEN(pat) == 2" because it looks
redundant with the condition just before it: "STRCMP(pat, "\\n") == 0".

Regards
Dominique

diff -r 43fc7ea915db src/ex_cmds.c
--- a/src/ex_cmds.c Wed Apr 02 23:09:26 2014 +0200
+++ b/src/ex_cmds.c Thu Apr 03 10:42:10 2014 +0200
@@ -4425,7 +4425,7 @@
* TODO: find a generic solution to make line-joining operations more
* efficient, avoid allocating a string that grows in size.
*/
- if (STRCMP(pat, "\\n") == 0 && STRLEN(pat) == 2
+ if (pat != NULL && STRCMP(pat, "\\n") == 0
&& *sub == NUL
&& (*cmd == NUL || (cmd[1] == NUL && (*cmd == 'g' || *cmd == 'l'
|| *cmd == 'p' || *cmd == '#'))))
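
Review bot: the new `pat != NULL` test at the start of the condition has no comment saying when pat can be NULL, and the patch adds nothing that exercises that case. The report shows pat is NULL for `:&&` on a fresh start (`vim -u NONE -N -c '&&'`), so a one-line comment above the `if` and a regression test running that command would keep the guard from being dropped in a later cleanup. Removing `STRLEN(pat) == 2` is fine, since STRCMP equality with the two-character literal "\\n" already implies that length. With pat NULL the line-joining shortcut described in the comment is now skipped, so the fix relies on the general path further down tolerating a NULL pat, which these lines do not show and is worth confirming.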