On 17/12/2015 12:30, Bram Moolenaar wrote:
John Beckett wrote:
Mike Williams:
I'll look some more into it to make the defaults on Windows
more sensible and if the code can be simplified.
Thanks all for the interesting progress. I'm trying to set up a test
system where I might be able to join in but it's a long time since I
worked in C. I don't know anything about the HAVE_xxx settings, but it
appears there is a condition where Vim's data can be corrupted and
that condition is being exposed by the particular tests being run.
However, the problem is potentially more general, and conceivably
corruptions could occur in other circumstances.
Have you reached a conclusion about whether the problem is related to
a compiler optimisation bug? My guess would be that it is not since I
don't think Steve Hall uses Visual Studio to build the
Vim-without-Cream that I mentioned, and it also shows the corruption.
There has to be a clue in the fact that I have only ever seen
corrupted text after executing :sort. Presumably Vim makes an array of
pointers and sorts them. That array is being clobbered, or Vim's
pointer to the array is being overwritten. Are any unchecked memory
allocations done in Vim's sort?
I can think of one reason for the corruption: When inserting the lines
in the sorted order, the pointer from ml_get() is passed to ml_append.
If the line is far away from where it came from, the pointer may become
invalid. Copying the line into sortbuf1 would avoid that. That's
already done when "unique" is true, but only afterwards.
It would be good to first be able to reproduce the problem, otherwise
we don't know if this change will actually fix the it.
--- ../../b/src/ex_cmds.c 2015-11-10 21:05:45.309028557 +0100
+++ ex_cmds.c 2015-12-17 13:00:53.896995875 +0100
@@ -540,10 +540,11 @@
if (!unique || i == 0
|| (sort_ic ? STRICMP(s, sortbuf1) : STRCMP(s, sortbuf1)) != 0)
{
- if (ml_append(lnum++, s, (colnr_T)0, FALSE) == FAIL)
+ /* Copy the line into a buffer, it may become invalid in
+ * ml_append(). And it's needed for "unique". */
+ STRCPY(sortbuf1, s);
+ if (ml_append(lnum++, sortbuf1, (colnr_T)0, FALSE) == FAIL)
break;
- if (unique)
- STRCPY(sortbuf1, s);
}
fast_breakcheck();
if (got_int)
Tried this on Linux where I have been able to reproduce the corrupt, and
it fixed it for me. I checked it twice in case of finger trouble. Will
try on Windows later.
Mike
--
Some people aren't hard of hearing, but hard of listening.
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups "vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
