I am seeing a segfault with this patch (bisected) in a specific file:

To reproduce it:
1. wget https://raw.githubusercontent.com/blueyed/dotfiles/master/vimperatorrc
2. vim -u NONE -N -c 'syn on' vimperatorrc
3. Scroll around (<C-d>, PageUp/PageDown); it should crash after a few seconds 
or earlier.

Here is the top of the backtrace:

#0  0x00000000005976f6 in vim_regexec_multi (rmp=0x7fffffff4690, win=0xabffc0, 
buf=0x146dd60, lnum=180, col=0, tm=0x0) at regexp.c:8247
#1  0x00000000005e3309 in syn_regexec (rmp=0x7fffffff4690, lnum=180, col=0, 
st=0x189da18) at syntax.c:3272
#2  0x00000000005e0d23 in syn_current_attr (syncing=0, displaying=1, 
can_spell=0x0, keep_state=0) at syntax.c:2092
#3  0x00000000005e0509 in get_syntax_attr (col=0, can_spell=0x0, keep_state=0) 
at syntax.c:1851
#4  0x00000000005a02c7 in win_line (wp=0xabffc0, lnum=180, startrow=5, 
endrow=40, nochange=1) at screen.c:4318
#5  0x000000000059b023 in win_update (wp=0xabffc0) at screen.c:2010
#6  0x0000000000598bbc in update_debug_sign (buf=0x146dd60, lnum=10) at 
screen.c:929
#7  0x00000000004a2177 in ex_sign (eap=0x7fffffff4ec0) at ex_cmds.c:7334
#8  0x00000000004ad026 in do_one_cmd (cmdlinep=0x7fffffff4fe0, sourcing=1, 
cstack=0x7fffffff50d0, fgetline=0x4aaf90 <get_loop_line>, cookie=0x7fffffff5880)
    at ex_docmd.c:2705

The segfault happens at: 
https://github.com/vim-jp/vim/blob/master/src/regexp.c#L8247-8248

(the gdb log is attached in full - with a second run, which resulted in a 
shorter trace, but an unresolved top frame?!)


Best regards,
Daniel.

#0  0x00000000005976f6 in vim_regexec_multi (rmp=0x7fffffff4690, win=0xabffc0, 
buf=0x146dd60, lnum=180, col=0, tm=0x0) at regexp.c:8247
#1  0x00000000005e3309 in syn_regexec (rmp=0x7fffffff4690, lnum=180, col=0, 
st=0x189da18) at syntax.c:3272
#2  0x00000000005e0d23 in syn_current_attr (syncing=0, displaying=1, 
can_spell=0x0, keep_state=0) at syntax.c:2092
#3  0x00000000005e0509 in get_syntax_attr (col=0, can_spell=0x0, keep_state=0) 
at syntax.c:1851
#4  0x00000000005a02c7 in win_line (wp=0xabffc0, lnum=180, startrow=5, 
endrow=40, nochange=1) at screen.c:4318
#5  0x000000000059b023 in win_update (wp=0xabffc0) at screen.c:2010
#6  0x0000000000598bbc in update_debug_sign (buf=0x146dd60, lnum=10) at 
screen.c:929
#7  0x00000000004a2177 in ex_sign (eap=0x7fffffff4ec0) at ex_cmds.c:7334
#8  0x00000000004ad026 in do_one_cmd (cmdlinep=0x7fffffff4fe0, sourcing=1, 
cstack=0x7fffffff50d0, fgetline=0x4aaf90 <get_loop_line>, cookie=0x7fffffff5880)
    at ex_docmd.c:2705
#9  0x00000000004aa3fc in do_cmdline (cmdline=0x178e640 ":sign place 5272 
line=10 name=QFS_VCS_CHANGE buffer=2", fgetline=0x4aaf90 <get_loop_line>, 
    cookie=0x7fffffff5880, flags=3) at ex_docmd.c:1131
#10 0x000000000048dcfc in ex_execute (eap=0x7fffffff56d0) at eval.c:21799
#11 0x00000000004ad026 in do_one_cmd (cmdlinep=0x7fffffff57f0, sourcing=1, 
cstack=0x7fffffff58e0, fgetline=0x4aaf90 <get_loop_line>, cookie=0x7fffffff5880)
    at ex_docmd.c:2705
#12 0x00000000004aa3fc in do_cmdline (cmdline=0x0, fgetline=0x492e31 
<get_func_line>, cookie=0x17d4b00, flags=7) at ex_docmd.c:1131
#13 0x00000000004922ed in call_user_func (fp=0x10ea280, argcount=3, 
argvars=0x7fffffff6200, rettv=0x7fffffff6880, firstline=194, lastline=194, 
selfdict=0x0)
    at eval.c:23601
#14 0x0000000000478a81 in call_func (funcname=0x17d6b24 "s:PlaceSign(a:class, 
a:def.sign, a:list)", len=11, rettv=0x7fffffff6880, argcount=3, 
argvars=0x7fffffff6200, 
    firstline=194, lastline=194, doesrange=0x7fffffff6394, evaluate=1, 
selfdict=0x0) at eval.c:8597
#15 0x0000000000478601 in get_func_tv (name=0x17d6b24 "s:PlaceSign(a:class, 
a:def.sign, a:list)", len=11, rettv=0x7fffffff6880, arg=0x7fffffff6828, 
firstline=194, 
    lastline=194, doesrange=0x7fffffff6394, evaluate=1, selfdict=0x0) at 
eval.c:8433
#16 0x0000000000473d9f in eval7 (arg=0x7fffffff6828, rettv=0x7fffffff6880, 
evaluate=1, want_string=0) at eval.c:5210
#17 0x000000000047364f in eval6 (arg=0x7fffffff6828, rettv=0x7fffffff6880, 
evaluate=1, want_string=0) at eval.c:4861
#18 0x0000000000473183 in eval5 (arg=0x7fffffff6828, rettv=0x7fffffff6880, 
evaluate=1) at eval.c:4677
#19 0x0000000000472497 in eval4 (arg=0x7fffffff6828, rettv=0x7fffffff6880, 
evaluate=1) at eval.c:4370
#20 0x00000000004722da in eval3 (arg=0x7fffffff6828, rettv=0x7fffffff6880, 
evaluate=1) at eval.c:4282
#21 0x0000000000472159 in eval2 (arg=0x7fffffff6828, rettv=0x7fffffff6880, 
evaluate=1) at eval.c:4211
#22 0x0000000000471f98 in eval1 (arg=0x7fffffff6828, rettv=0x7fffffff6880, 
evaluate=1) at eval.c:4136
#23 0x0000000000471ef7 in eval0 (arg=0x17d6b24 "s:PlaceSign(a:class, 
a:def.sign, a:list)", rettv=0x7fffffff6880, nextcmd=0x7fffffff6968, evaluate=1) 
at eval.c:4093
#24 0x000000000046dbdf in ex_let (eap=0x7fffffff6960) at eval.c:1913
#25 0x00000000004ad026 in do_one_cmd (cmdlinep=0x7fffffff6a80, sourcing=1, 
cstack=0x7fffffff6b70, fgetline=0x492e31 <get_func_line>, cookie=0x1759730)
    at ex_docmd.c:2705
#26 0x00000000004aa3fc in do_cmdline (cmdline=0x0, fgetline=0x492e31 
<get_func_line>, cookie=0x1759730, flags=7) at ex_docmd.c:1131
#27 0x00000000004922ed in call_user_func (fp=0x10e4100, argcount=4, 
argvars=0x7fffffff7490, rettv=0x7fffffff7650, firstline=194, lastline=194, 
selfdict=0x0)
    at eval.c:23601
#28 0x0000000000478a81 in call_func (funcname=0x1735800 
"\200\375R134_UpdateSigns", len=18, rettv=0x7fffffff7650, argcount=4, 
argvars=0x7fffffff7490, firstline=194, 
    lastline=194, doesrange=0x7fffffff7620, evaluate=1, selfdict=0x0) at 
eval.c:8597
#29 0x0000000000478601 in get_func_tv (name=0x1735800 
"\200\375R134_UpdateSigns", len=18, rettv=0x7fffffff7650, arg=0x7fffffff7628, 
firstline=194, lastline=194, 
    doesrange=0x7fffffff7620, evaluate=1, selfdict=0x0) at eval.c:8433
#30 0x0000000000470e91 in ex_call (eap=0x7fffffff7770) at eval.c:3505
#31 0x00000000004ad026 in do_one_cmd (cmdlinep=0x7fffffff7890, sourcing=1, 
cstack=0x7fffffff7980, fgetline=0x4aaf90 <get_loop_line>, cookie=0x7fffffff7920)
    at ex_docmd.c:2705
#32 0x00000000004aa3fc in do_cmdline (cmdline=0x0, fgetline=0x492e31 
<get_func_line>, cookie=0x18050a0, flags=7) at ex_docmd.c:1131
#33 0x00000000004922ed in call_user_func (fp=0x10e39f0, argcount=3, 
argvars=0x7fffffff82a0, rettv=0x7fffffff8460, firstline=194, lastline=194, 
selfdict=0x0)
    at eval.c:23601
#34 0x0000000000478a81 in call_func (funcname=0x16f2db0 "QuickfixsignsSet", 
len=16, rettv=0x7fffffff8460, argcount=3, argvars=0x7fffffff82a0, 
firstline=194, 
    lastline=194, doesrange=0x7fffffff8430, evaluate=1, selfdict=0x0) at 
eval.c:8597
#35 0x0000000000478601 in get_func_tv (name=0x16f2db0 "QuickfixsignsSet", 
len=16, rettv=0x7fffffff8460, arg=0x7fffffff8438, firstline=194, lastline=194, 
    doesrange=0x7fffffff8430, evaluate=1, selfdict=0x0) at eval.c:8433
#36 0x0000000000470e91 in ex_call (eap=0x7fffffff8580) at eval.c:3505
#37 0x00000000004ad026 in do_one_cmd (cmdlinep=0x7fffffff86a0, sourcing=1, 
cstack=0x7fffffff8790, fgetline=0x4d9b17 <getnextac>, cookie=0x7fffffff8d30)
    at ex_docmd.c:2705
#38 0x00000000004aa3fc in do_cmdline (cmdline=0x0, fgetline=0x4d9b17 
<getnextac>, cookie=0x7fffffff8d30, flags=7) at ex_docmd.c:1131
#39 0x00000000004d95bc in apply_autocmds_group (event=EVENT_BUFREADPOST, 
fname=0x14c4810 "/home/daniel/.dotfiles/vimperatorrc", 
    fname_io=0x146dd30 "/home/daniel/.dotfiles/vimperatorrc", force=0, 
group=-3, buf=0x146dd60, eap=0x7fffffff9430) at fileio.c:9483
#40 0x00000000004d8da4 in apply_autocmds_exarg (event=EVENT_BUFREADPOST, 
fname=0x0, fname_io=0x146dd30 "/home/daniel/.dotfiles/vimperatorrc", force=0, 
buf=0x146dd60, 
    eap=0x7fffffff9430) at fileio.c:9058
#41 0x00000000004cfa03 in readfile (fname=0x146dd30 
"/home/daniel/.dotfiles/vimperatorrc", sfname=0x146dd30 
"/home/daniel/.dotfiles/vimperatorrc", from=0, 
    lines_to_skip=0, lines_to_read=2147483647, eap=0x7fffffff9430, flags=1) at 
fileio.c:2662
#42 0x0000000000446186 in open_buffer (read_stdin=0, eap=0x7fffffff9430, 
flags=0) at buffer.c:147
#43 0x000000000049b0d6 in do_ecmd (fnum=0, ffname=0x16ff940 
"/home/daniel/.dotfiles/vimperatorrc", sfname=0x1730a15 
"/home/daniel/.dotfiles/vimperatorrc", 
    eap=0x7fffffff9430, newlnum=0, flags=0, oldwin=0xabffc0) at ex_cmds.c:3751
#44 0x00000000004b6298 in do_exedit (eap=0x7fffffff9430, old_curwin=0x0) at 
ex_docmd.c:7934
#45 0x00000000004b5f14 in ex_edit (eap=0x7fffffff9430) at ex_docmd.c:7830
#46 0x00000000004ad026 in do_one_cmd (cmdlinep=0x7fffffff9550, sourcing=0, 
cstack=0x7fffffff9640, fgetline=0x4c3329 <getexline>, cookie=0x0) at 
ex_docmd.c:2705
#47 0x00000000004aa3fc in do_cmdline (cmdline=0x0, fgetline=0x4c3329 
<getexline>, cookie=0x0, flags=0) at ex_docmd.c:1131
#48 0x000000000053bbd8 in nv_colon (cap=0x7fffffff9bc0) at normal.c:5330
#49 0x0000000000534682 in normal_cmd (oap=0x7fffffff9c40, toplevel=1) at 
normal.c:1160
#50 0x00000000004b8d6d in exec_normal_cmd (cmd=0x14b6f07 "0", remap=0, 
silent=0) at ex_docmd.c:9613
#51 0x00000000004b8b4f in ex_normal (eap=0x7fffffff9e80) at ex_docmd.c:9505
#52 0x00000000004ad026 in do_one_cmd (cmdlinep=0x7fffffff9fa0, sourcing=1, 
cstack=0x7fffffffa090, fgetline=0x492e31 <get_func_line>, cookie=0x13acd60)
    at ex_docmd.c:2705
#53 0x00000000004aa3fc in do_cmdline (cmdline=0x16f1f40 "normal 0", 
fgetline=0x492e31 <get_func_line>, cookie=0x13acd60, flags=3) at ex_docmd.c:1131
#54 0x000000000048dcfc in ex_execute (eap=0x7fffffffa690) at eval.c:21799
#55 0x00000000004ad026 in do_one_cmd (cmdlinep=0x7fffffffa7b0, sourcing=1, 
cstack=0x7fffffffa8a0, fgetline=0x492e31 <get_func_line>, cookie=0x13acd60)
    at ex_docmd.c:2705
#56 0x00000000004aa3fc in do_cmdline (cmdline=0x0, fgetline=0x492e31 
<get_func_line>, cookie=0x13acd60, flags=7) at ex_docmd.c:1131
#57 0x00000000004922ed in call_user_func (fp=0x14e8bd0, argcount=1, 
argvars=0x7fffffffb1c0, rettv=0x7fffffffb380, firstline=6, lastline=6, 
selfdict=0x0) at eval.c:23601
#58 0x0000000000478a81 in call_func (funcname=0x10df170 
"\200\375R291_open_buffers", len=19, rettv=0x7fffffffb380, argcount=1, 
argvars=0x7fffffffb1c0, firstline=6, 
    lastline=6, doesrange=0x7fffffffb350, evaluate=1, selfdict=0x0) at 
eval.c:8597
#59 0x0000000000478601 in get_func_tv (name=0x10df170 
"\200\375R291_open_buffers", len=19, rettv=0x7fffffffb380, arg=0x7fffffffb358, 
firstline=6, lastline=6, 
    doesrange=0x7fffffffb350, evaluate=1, selfdict=0x0) at eval.c:8433
#60 0x0000000000470e91 in ex_call (eap=0x7fffffffb4a0) at eval.c:3505
#61 0x00000000004ad026 in do_one_cmd (cmdlinep=0x7fffffffb5c0, sourcing=0, 
cstack=0x7fffffffb6b0, fgetline=0x4c3329 <getexline>, cookie=0x0) at 
ex_docmd.c:2705
#62 0x00000000004aa3fc in do_cmdline (cmdline=0x0, fgetline=0x4c3329 
<getexline>, cookie=0x0, flags=0) at ex_docmd.c:1131
#63 0x000000000053bbd8 in nv_colon (cap=0x7fffffffbc30) at normal.c:5330
#64 0x0000000000534682 in normal_cmd (oap=0x7fffffffbcd0, toplevel=1) at 
normal.c:1160
#65 0x000000000064b0c5 in main_loop (cmdwin=0, noexmode=0) at main.c:1342
#66 0x000000000064a9dc in main (argc=1, argv=0x7fffffffbfd8) at main.c:1042
quit
A debugging session is active.

        Inferior 1 [process 8821] will be killed.

Quit anyway? (y or n) The program being debugged has been started already.
Start it from the beginning? (y or n) Starting program: 
/home/daniel/Vcs/vim/src/vim 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe9747700 (LWP 15845)]
[New Thread 0x7fffe8c1c700 (LWP 16442)]
[New Thread 0x7fffe3fff700 (LWP 16443)]
[New Thread 0x7fffe37fe700 (LWP 16444)]
[New Thread 0x7fffe2ffd700 (LWP 16445)]
[New Thread 0x7fffe27fc700 (LWP 16447)]
[New Thread 0x7fffe1ffb700 (LWP 16448)]

Program received signal SIGSEGV, Segmentation fault.
0x000000000175c0c0 in ?? ()
#0  0x000000000175c0c0 in ?? ()
#1  0x0000000000597714 in vim_regexec_multi (rmp=0x7fffffffb5b0, win=0xabffc0, 
buf=0x146dcf0, lnum=183, col=0, tm=0x0) at regexp.c:8247
#2  0x00000000005e3309 in syn_regexec (rmp=0x7fffffffb5b0, lnum=183, col=0, 
st=0x17c2c68) at syntax.c:3272
#3  0x00000000005e0d23 in syn_current_attr (syncing=0, displaying=1, 
can_spell=0x0, keep_state=0) at syntax.c:2092
#4  0x00000000005e0509 in get_syntax_attr (col=0, can_spell=0x0, keep_state=0) 
at syntax.c:1851
#5  0x00000000005a02c7 in win_line (wp=0xabffc0, lnum=183, startrow=28, 
endrow=40, nochange=0) at screen.c:4318
#6  0x000000000059b023 in win_update (wp=0xabffc0) at screen.c:2010
#7  0x0000000000598666 in update_screen (type=40) at screen.c:677
#8  0x000000000064ae71 in main_loop (cmdwin=0, noexmode=0) at main.c:1245
#9  0x000000000064a9dc in main (argc=1, argv=0x7fffffffbfd8) at main.c:1042
