Hirohito Higashi wrote:
> Hi Dominique,
>
> 2015-7-18(Sat) 22:28:11 UTC+9 Dominique Pelle:
> > On Sat, Jul 18, 2015 at 1:13 PM, h_east wrote:
> > > Hi Dominique,
> > >
> > > 2015-7-18(Sat) 14:40:28 UTC+9 Dominique Pelle:
> > >> h_east wrote:
> > >>
> > >> > Hi Dominique!
> > >> >
> > >> > 2015-7-18(Sat) 9:38:45 UTC+9 Dominique Pelle:
> > >> >> Bram Moolenaar <[email protected]> wrote:
> > >> >>
> > >> >> > Patch 7.4.786
> > >> >> > Problem: It is not possible for a plugin to adjust to a changed
> > >> >> > setting.
> > >> >> > Solution: Add the OptionSet autocommand event. (Christian
> > >> >> > Brabandt)
> > >> >>
> > >> >> Hi
> > >> >>
> > >> >> This patch causes use of freed memory when running test10.
> > >> >>
> > >> >> changeset 6935:4db70c94226b -> crash in test 10 with asan
> > >> >> changeset 6934:be7bd53ad376 -> no crash
> > >>
> > >> ....snip...
> > >>
> > >> > Could you try attached patch?
> > >> >
> > >> > --
> > >> > Best regards,
> > >> > Hirohito Higashi (a.k.a h_east)
> > >>
> > >> Hi Hirohito
> > >>
> > >> test10 still crashes after your patch, but the stack is then
> > >> different after your patch:
> > > ..snip..
> > >
> > > Thanks for confirming my patch!
> > > # My environment does not crash in original 7.4.786. (fedora 20 64bit)
> > >
> > > I update a patch.
> > > Attached new patch and valgrind.test10.
> > >
> > > valgrind.test10 seem to say that it error yet...
> > > Excuse me. Could you try again this patch?
> > >
> > > Thanks.
> > > --
> > > Best regards,
> > > Hirohito Higashi (a.k.a h_east)
> >
> >
> > Hi Hirohito,
> >
> > I still see another use-after-free bug when running
> > all tests after applying latest patch. It happens in test78:
>
> ..snip..
>
> > Aborted (core dumped)
>
> I think an attached patch corrects crash problem.
> Please confirm this.
Thanks for the fix!
> Bram and Christian B>
> When did_set_string_option() occurs error, the second argument(varp) was
> freed memory and re-set oldval's address. [*1]
> So, the following code will cause a problem.
>
> {
> *varp = s;
> ...
> did_set_string_option(opt_idx, varp, TRUE, oldval, NULL, ....
> ...
> set_vim_var_string(VV_OPTION_NEW, s, -1);
> }
>
>
> [*1]
> option.c in did_set_string_option()
> 7176 /*
> 7177 * If error detected, restore the previous value.
> 7178 */
> 7179 if (errmsg != NULL)
> 7180 {
> 7181 if (new_value_alloced)
> 7182 free_string_option(*varp);
> 7183 *varp = oldval;
>
> What do you think?
When the option value isn't actually changed, either because of an error
or because the same value was set again, I don't think the autocommands
should be triggered.
--
You are Dead. Do you wish to restart, load, or quit?
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
