Hi

Here is another bug discovered by afl-fuzz which is
ruthless at finding bugs. The following command
crashes vim-7.4.823 (and older):

$ vim -u NONE -c ow -c 'sy keyword x c'
Vim: Caught deadly signal SEGV
Vim: Finished.
Segmentation fault (core dumped)

$ cgdb --args ./vim -u NONE -c ow -c 'sy keyword x c'

153│     idx = (unsigned)(hash & ht->ht_mask);
154│     hi = &ht->ht_array[idx];
155│
156├>    if (hi->hi_key == NULL)
157│         return hi;

(gdb) p hi
$1 = (hashitem_T *) 0x0

(gdb) p idx
$2 = 0

(gdb) p hash
$3 = 99

(gdb) p ht->ht_mask
$4 = 0

(gdb) bt
#0  0x00000000004e2b5d in hash_lookup (ht=0x965a00, key=0x965f48 "c", hash=99) at hashtab.c:156
#1  0x000000000061ca44 in add_keyword (name=0x965f00 "c", id=46, flags=0, cont_in_list=0x0, next_list=0x0, conceal_char=0) at syntax.c:4458
#2  0x00000000006174f5 in syn_cmd_keyword (eap=0x7fffffffd428, syncing=0) at syntax.c:4868
#3  0x000000000060f0b5 in ex_syntax (eap=0x7fffffffd428) at syntax.c:6296
#4  0x000000000049053b in do_one_cmd (cmdlinep=0x7fffffffdb88, sourcing=1, cstack=0x7fffffffd6d0, fgetline=0x0, cookie=0x0) at ex_docmd.c:2941
#5  0x000000000048bdfe in do_cmdline (cmdline=0x7fffffffe2a0 "sy keyword x c", fgetline=0x0, cookie=0x0, flags=11) at ex_docmd.c:1133
#6  0x000000000048cca6 in do_cmdline_cmd (cmd=0x7fffffffe2a0 "sy keyword x c") at ex_docmd.c:738
#7  0x00000000006777e8 in exe_commands (parmp=0x7fffffffdc78) at main.c:2926
#8  0x00000000006742fd in main (argc=7, argv=0x7fffffffdeb8) at main.c:961

Valgrind or asan don't give more info.
Sorry no patch. I'm not sure how to fix it.

Regards
Dominique
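
Added example, not part of the original message and not Vim's source: a simplified C model of a hash table that reuses the field names visible in the gdb session (ht_mask, ht_array, hi_key). The values printed there (ht_mask = 0, &ht_array[0] = 0x0) are what a zero-filled table structure would show, and the model's lookup checks that invariant before indexing. table_t, item_t, INIT_SIZE, the function names and the linear probing are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define INIT_SIZE 16  /* assumed initial slot count (power of two) */

typedef struct { unsigned long hi_hash; const char *hi_key; } item_t;
typedef struct {
    unsigned long ht_mask;        /* slot count - 1 */
    item_t *ht_array;             /* slot storage */
    item_t ht_small[INIT_SIZE];   /* built-in storage for a new table */
} table_t;

/* Initialisation sets the array pointer and the mask together. */
void table_init(table_t *ht) {
    memset(ht, 0, sizeof(*ht));
    ht->ht_array = ht->ht_small;
    ht->ht_mask = INIT_SIZE - 1;
}

/* Invariant: storage exists and mask + 1 is a power of two >= INIT_SIZE. */
int table_is_valid(const table_t *ht) {
    return ht != NULL && ht->ht_array != NULL && ht->ht_mask >= INIT_SIZE - 1
        && ((ht->ht_mask + 1) & ht->ht_mask) == 0;
}

/* Slot holding key, or the free slot for it; NULL if invalid or full. */
item_t *table_lookup(table_t *ht, const char *key, unsigned long hash) {
    if (!table_is_valid(ht)) return NULL;  /* refuse instead of dereferencing */
    unsigned long idx = hash & ht->ht_mask;
    for (unsigned long n = 0; n <= ht->ht_mask; n++) {  /* linear probing */
        item_t *hi = &ht->ht_array[idx];
        if (!hi->hi_key || (hi->hi_hash == hash && !strcmp(hi->hi_key, key)))
            return hi;
        idx = (idx + 1) & ht->ht_mask;
    }
    return NULL;
}

/* Returns 0 on success, -1 if the table cannot accept the key. */
int table_add(table_t *ht, const char *key, unsigned long hash) {
    item_t *hi = table_lookup(ht, key, hash);
    if (hi == NULL) return -1;
    if (hi->hi_key == NULL) { hi->hi_key = key; hi->hi_hash = hash; }
    return 0;
}

int main(void) {
    table_t z = {0}, r;  /* constructed: z is zero-filled, never initialised */
    table_init(&r);
    printf("zeroed=%d ready=%d\n", table_add(&z, "c", 99), table_add(&r, "c", 99));
    return 0;
}
```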
