Hi,

On Wed, Mar 23, 2016 at 5:36 AM, h_east <[email protected]> wrote:
>
>> > On Mon, Mar 21, 2016 at 2:45 AM, Dominique Pellé
>> > <[email protected]> wrote:
>> > > Hi
>> > >
>> > > afl-fuzz found another crash with use of freed memory in vim-7.4.1627
>> > > (and older) in quickfix code. This is a different bug than the one fixed
>> > > recently in Vim-7.4.1592:
>> > >
>> >
>> > The attached patch fixes this issue. These issues are caused by autocmds
>> > modifying the location list while the location list is being used.
>>
>> This issue also occurs with the quickfix.
>>
>> ]$ vim -Nu NONE -S crash_qf.vim
>> Vim: Caught deadly signal SEGV
>>
>> Vim: Finished.
>> Segmentation fault (core dumped)
>>
>> PS
>> I think we should abort even if `qi->qf_curlist` has changed.
>>
>> I'm sorry. In fact, I had already written a patch.
>> But it has not yet been submitted.
>> I'll send the patch later.
>
> A patch is attached.
> Please check it.
>

The patch looks good to me. One comment:

When the quickfix/location list is modified, the opened_window variable
is set to FALSE even though the window is still valid/open. I think, in
this case the new window needs to be closed. The opened_window variable
should be set to FALSE only when win_valid() returns FALSE.

- Yegappan

>
> Yegappan>
> I have modified to respect your patch.
> Thank you for the nice patch.
> After all, You are the quickfix wizard :-)
>
