Dominique Pellé wrote:

> 
> Vim-7.4.797 uses freed memory when doing:
> 
>   $ vim -u NONE -S crash.vim
> 
> ... where crash.vim is the attached file.
> 
> =================================================================
> ==4903==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x602000015490 at pc 0x528f70 bp 0x7ffddfc709a0 sp 0x7ffddfc70998
> READ of size 1 at 0x602000015490 thread T0
>     #0 0x528f6f in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2381
>     #1 0x523378 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1133
>     #2 0x51d886 in do_source /home/pel/sb/vim/src/ex_cmds2.c:3353
>     #3 0x51c3d6 in cmd_source /home/pel/sb/vim/src/ex_cmds2.c:2962
>     #4 0x51c1ae in ex_source /home/pel/sb/vim/src/ex_cmds2.c:2935
>     #5 0x52af9f in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2940
>     #6 0x523378 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1133
>     #7 0x521f5c in do_cmdline_cmd /home/pel/sb/vim/src/ex_docmd.c:738
>     #8 0x944237 in exe_commands /home/pel/sb/vim/src/main.c:2926
>     #9 0x93db0d in main /home/pel/sb/vim/src/main.c:961
>     #10 0x7fa872e1eec4 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
>     #11 0x40ea18 (/home/pel/sb/vim/src/vim+0x40ea18)
> 
> 0x602000015490 is located 0 bytes inside of 2-byte region
> [0x602000015490,0x602000015492)
> freed by thread T0 here:
>     #0 0x7fa875bef5c7 in __interceptor_free
> (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x545c7)
>     #1 0x666c79 in vim_free /home/pel/sb/vim/src/misc2.c:1707
>     #2 0x528ed6 in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2367
>     #3 0x523378 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1133
>     #4 0x51d886 in do_source /home/pel/sb/vim/src/ex_cmds2.c:3353
>     #5 0x51c3d6 in cmd_source /home/pel/sb/vim/src/ex_cmds2.c:2962
>     #6 0x51c1ae in ex_source /home/pel/sb/vim/src/ex_cmds2.c:2935
>     #7 0x52af9f in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2940
>     #8 0x523378 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1133
>     #9 0x521f5c in do_cmdline_cmd /home/pel/sb/vim/src/ex_docmd.c:738
>     #10 0x944237 in exe_commands /home/pel/sb/vim/src/main.c:2926
>     #11 0x93db0d in main /home/pel/sb/vim/src/main.c:961
>     #12 0x7fa872e1eec4 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

[...]

> Attached patch fixes it.
> Bug was found using afl-fuzz + asan on Linux x86_64.

Thanks!

-- 
GOD: That is your purpose Arthur ... the Quest for the Holy Grail ...
                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
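Added example for this thread, not code from the report, from Vim or from afl-fuzz: a small Python triage script that turns an ASan report like the one quoted above into a structured record (bad access, use site, free site, dedup bucket), which is what a fuzzing harness needs to sort hundreds of afl-fuzz crashes into distinct bugs. The sample text is the quoted report with the mail quoting stripped and the stacks trimmed; the mail client's line wrapping is kept so the parser has to handle it. Naming `vim_free` as an allocator wrapper to skip is an assumption supplied by the triager, not something the report states.

```python
"""Parse an AddressSanitizer report into a structured triage record.
Added example for this thread, not Vim or afl code. SAMPLE_REPORT is the
report quoted above with the mail quoting stripped and the stacks trimmed;
the mail client's line wrapping is kept so the parser has to cope with it."""
import os
import re

SAMPLE_REPORT = """\
==4903==ERROR: AddressSanitizer: heap-use-after-free on address
0x602000015490 at pc 0x528f70 bp 0x7ffddfc709a0 sp 0x7ffddfc70998
READ of size 1 at 0x602000015490 thread T0
    #0 0x528f6f in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2381
    #1 0x523378 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1133
    #9 0x93db0d in main /home/pel/sb/vim/src/main.c:961
    #10 0x7fa872e1eec4 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #11 0x40ea18 (/home/pel/sb/vim/src/vim+0x40ea18)

0x602000015490 is located 0 bytes inside of 2-byte region
[0x602000015490,0x602000015492)
freed by thread T0 here:
    #0 0x7fa875bef5c7 in __interceptor_free
(/usr/lib/x86_64-linux-gnu/libasan.so.1+0x545c7)
    #1 0x666c79 in vim_free /home/pel/sb/vim/src/misc2.c:1707
    #2 0x528ed6 in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2367
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address")
ACCESS_RE = re.compile(r"^(?P<op>READ|WRITE) of size (?P<size>\d+) at (?P<addr>0x[0-9a-f]+)")
REGION_RE = re.compile(r"located (?P<off>\d+) bytes (?P<where>.+?) of (?P<size>\d+)-byte region")
FRAME_RE = re.compile(r"^#\d+\s+0x[0-9a-f]+(?:\s+in\s+(?P<func>\S+))?(?:\s+(?P<loc>\S+))?$")
SECTIONS = {"freed by thread": "free", "previously allocated by thread": "alloc"}
RUNTIME_PREFIXES = ("__interceptor_", "__asan", "__sanitizer", "__libc")

def _set_location(frame, loc):
    """Attach a frame's location: 'file:line' for source, else module+offset."""
    src = re.match(r"^(?P<file>[^()]+):(?P<line>\d+)$", loc or "")
    if src:
        frame["file"], frame["line"] = src.group("file"), int(src.group("line"))
    elif loc:
        frame["module"] = loc.strip("()")

def parse_asan_report(text):
    rep = {"kind": None, "address": None, "access": None, "size": None,
           "region": None, "stacks": {"access": [], "free": [], "alloc": []}}
    cur = None  # which stack the frames currently being read belong to
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ERROR_RE.search(line):
            rep["kind"] = ERROR_RE.search(line).group("kind")
        elif ACCESS_RE.match(line):
            m = ACCESS_RE.match(line)
            rep["access"], rep["size"], rep["address"] = m["op"], int(m["size"]), m["addr"]
            cur = "access"
        elif REGION_RE.search(line):
            m = REGION_RE.search(line)
            rep["region"] = {"offset": int(m["off"]), "where": m["where"], "size": int(m["size"])}
        elif any(line.startswith(k) for k in SECTIONS):
            cur = next(v for k, v in SECTIONS.items() if line.startswith(k))
        elif cur and FRAME_RE.match(line):
            m = FRAME_RE.match(line)
            frame = {"func": m["func"], "file": None, "line": None, "module": None}
            _set_location(frame, m["loc"])
            rep["stacks"][cur].append(frame)
        elif cur and line.startswith("(") and rep["stacks"][cur]:
            # A module path that the mail client wrapped onto its own line.
            _set_location(rep["stacks"][cur][-1], line)
    return rep

def first_project_frame(frames, skip_funcs=()):
    """First frame with a source location, skipping sanitizer/libc frames and
    any allocator wrappers the caller names (assumption: the triager knows them)."""
    for f in frames:
        if f["file"] and f["func"] and not f["func"].startswith(RUNTIME_PREFIXES) \
                and f["func"] not in skip_funcs:
            return f
    return None

def summarize(rep, skip_funcs=()):
    """Triage record: use site, free site, whether both sit in the same
    function, and a dedup bucket that ignores addresses and line numbers."""
    use = first_project_frame(rep["stacks"]["access"], skip_funcs)
    freed = first_project_frame(rep["stacks"]["free"], skip_funcs)
    def site(f, with_line=True):
        if f is None:
            return "?"
        s = "%s@%s" % (f["func"], os.path.basename(f["file"]))
        return "%s:%d" % (s, f["line"]) if with_line else s
    return {
        "kind": rep["kind"],
        "access": "%s of %d byte(s) at %s" % (rep["access"], rep["size"], rep["address"]),
        "use_site": site(use),
        "free_site": site(freed),
        "same_function": bool(use and freed and (use["func"], use["file"]) == (freed["func"], freed["file"])),
        "bucket": "%s|%s|%s" % (rep["kind"], site(use, False), site(freed, False)),
    }

if __name__ == "__main__":
    # vim_free is Vim's free() wrapper (assumed); skipping it exposes the real free site.
    for k, v in summarize(parse_asan_report(SAMPLE_REPORT), skip_funcs=("vim_free",)).items():
        print("%-14s %s" % (k, v))
```

On the quoted report the summary resolves the use site to do_one_cmd at ex_docmd.c:2381 and the free site to do_one_cmd at ex_docmd.c:2367 once `vim_free` is skipped, so `same_function` is true: the freed pointer is read again fourteen lines later in the same function, which is the typical shape of a local-pointer use-after-free and is the kind of hint that lets a triager go straight to the right code without rerunning the crash.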

-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php