Dominique Pellé wrote:
> Fuzzing with afl-fuzz found another crash in Vim.
> It happens in vim-7.4.1073 (and older), but it does not
> happen in Vim-7.4.52 which comes with xubuntu-14.04.
>
> Steps to reproduce:
>
> $ vim -u NONE -c 'com -a='
> Vim: Caught deadly signal SEGV
>
> Vim: Finished.
> Segmentation fault (core dumped)
>
> Valgrind says:
>
> ==17621== Memcheck, a memory error detector
> ==17621== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
> ==17621== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
> ==17621== Command: ./vim -u NONE -c com!\ -a=
> ==17621== Parent PID: 16430
> ==17621==
> ==17621== Invalid read of size 1
> ==17621== at 0x4766C3: parse_addr_type_arg (ex_docmd.c:6933)
> ==17621== by 0x475251: uc_scan_attr (ex_docmd.c:6226)
> ==17621== by 0x475384: ex_command (ex_docmd.c:6271)
> ==17621== by 0x46F007: do_one_cmd (ex_docmd.c:2962)
> ==17621== by 0x46BCF5: do_cmdline (ex_docmd.c:1133)
> ==17621== by 0x46B331: do_cmdline_cmd (ex_docmd.c:738)
> ==17621== by 0x5DF33B: exe_commands (main.c:2928)
> ==17621== by 0x5DC91D: main (main.c:962)
> ==17621== Address 0x76aa2a9 is 0 bytes after a block of size 9 alloc'd
> ==17621== at 0x4C2AB80: malloc (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==17621== by 0x4E38DF: lalloc (misc2.c:951)
> ==17621== by 0x4E37AD: alloc (misc2.c:835)
> ==17621== by 0x4E3D2D: vim_strsave (misc2.c:1289)
> ==17621== by 0x46BB1F: do_cmdline (ex_docmd.c:1063)
> ==17621== by 0x46B331: do_cmdline_cmd (ex_docmd.c:738)
> ==17621== by 0x5DF33B: exe_commands (main.c:2928)
> ==17621== by 0x5DC91D: main (main.c:962)
> (...more errors after that...)
>
> I did a bisection:
>
> vim-7.4.542 -> crash
> vim-7.4.541 -> OK
>
> So regression was introduced by this patch:
>
> commit f1d6ccf2f9c8a8ae2c0ec4577946397c103ead2b
> Author: Bram Moolenaar <[email protected]>
> Date: Mon Dec 8 04:16:44 2014 +0100
>
> updated for version 7.4.542
> Problem:  Using a range for window and buffer commands has a few problems.
>           Cannot specify the type of range for a user command.
> Solution: Add the -addr argument for user commands. Fix problems.
>           (Marcin Szamotulski)
>
> Attached patch fixes the crash.
Thanks. It didn't crash for me. So adding a test would not help.
I suppose we would need to run the tests under valgrind to reproduce
this kind of error.
--
The chat program is in public domain. This is not the GNU public license.
If it breaks then you get to keep both pieces.
-- Copyright notice for the chat program
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
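The Valgrind report above says everything a defender needs to classify the bug: `parse_addr_type_arg` reads one byte past a 9-byte block, and that block is the saved command line `com!\ -a=` (8 characters plus the terminating NUL), so the read happens exactly at the byte after the terminator when the `-addr` value is empty. The added C example below is not the attached patch and not Vim's source; it is an illustrative reconstruction of the bug class that produces this Valgrind signature, namely a token scan whose stop condition does not include NUL, shown beside its hardened form. The table of address-type names, the error text and the function names `value_len_faulty`, `value_len_safe`, `parse_addr_type` and `faulty_overread_bytes` are all constructed for the example. The input used to exercise the faulty scan is deliberately padded after the NUL so that the over-read can be measured instead of crashing; with an exactly sized heap block, as in the report, the same walk is an out-of-bounds read.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed table of accepted -addr values; illustrative, not Vim's table. */
static const char *const addr_type_names[] = {
    "lines", "arguments", "buffers", "windows", "tabs", NULL
};

/*
 * Faulty token scan (hypothetical reconstruction of the bug class): it is meant
 * to stop at whitespace or at the end of the string, but the condition treats
 * NUL as "keep going", so an empty value walks past the terminator and reads
 * memory after the allocation. This is the pattern behind a Valgrind
 * "Invalid read of size 1 ... 0 bytes after a block".
 */
size_t value_len_faulty(const char *value)
{
    size_t i;
    for (i = 0; value[i] == '\0' || !isspace((unsigned char)value[i]); i++)
        ;
    return i;
}

/* Hardened scan: NUL ends the token, so an empty value yields length 0. */
size_t value_len_safe(const char *value)
{
    size_t i;
    for (i = 0; value[i] != '\0' && !isspace((unsigned char)value[i]); i++)
        ;
    return i;
}

/*
 * Parse the value of an -addr= attribute (hypothetical helper). Returns the
 * index into addr_type_names, or -1 with a message in errbuf when the value is
 * empty or unknown. It never reads beyond the NUL terminator of `value`.
 */
int parse_addr_type(const char *value, char *errbuf, size_t errlen)
{
    size_t len = value_len_safe(value);
    int i;

    if (len == 0) {
        snprintf(errbuf, errlen, "invalid address type value: <empty>");
        return -1;
    }
    for (i = 0; addr_type_names[i] != NULL; i++) {
        if (strlen(addr_type_names[i]) == len
                && strncmp(value, addr_type_names[i], len) == 0)
            return i;
    }
    snprintf(errbuf, errlen, "invalid address type value: %.*s", (int)len, value);
    return -1;
}

/*
 * Model of the crash input "-a=": the value after '=' is empty. The buffer is
 * constructed with padding after the terminating NUL so the faulty scan's walk
 * past the end can be counted rather than segfaulting. Returns the number of
 * bytes the faulty scan read beyond the terminator.
 */
size_t faulty_overread_bytes(void)
{
    static const char padded[] = "-a=\0XXXX \0";  /* constructed input */
    const char *value = padded + 3;       /* points at the NUL: empty value */
    size_t len = value_len_faulty(value); /* walks over NUL and "XXXX" to the space */
    return len - strlen(value);           /* strlen(value) is 0 here */
}

int main(void)
{
    char err[64];
    int r;

    r = parse_addr_type("", err, sizeof err);
    printf("empty value -> %d (%s)\n", r, err);
    printf("faulty scan read %zu bytes past the terminator\n",
           faulty_overread_bytes());
    r = parse_addr_type("lines -nargs=1", err, sizeof err);
    printf("\"lines -nargs=1\" -> %d\n", r);
    return 0;
}
```

The practical lesson for review is in the loop condition: a scan that stops on "whitespace or NUL" must be written as `c != '\0' && !isspace(c)`; writing the NUL test on the other side of an `||` inverts its meaning and silently disables the bound. Running the faulty variant under a sanitizer or Valgrind, as the report does, is the reliable way to catch it, since on many inputs the over-read lands in readable memory and the crash never shows, which is consistent with the reply above that the reproducer did not crash on another build.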