Hi

Vim-7.4.2222 and older segfaults with this command:

  $ vim -u NONE -S crash-sign-7.4.2222.vim
  Vim: Caught deadly signal SEGV
  Vim: Finished.
  Segmentation fault (core dumped)

crash-sign-7.4.2222.vim is the attached file.

Bug was found using afl-fuzz.

Attached patch fixes it, but I'm not sure whether commands
"sign place 1 line=3 name=Sign1 buffer=1" and "sign jump 1 buffer=1"
should have complained about buffer 1 being deleted.

Regards
Dominique

diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index aeb2bf9..881a63a 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -7860,7 +7860,8 @@ ex_sign(exarg_T *eap)
else
{ /* ... not currently in a window */
char_u *cmd;
-
+ if (buf->b_fname == NULL)
+ return;
cmd = alloc((unsigned)STRLEN(buf->b_fname) + 25);
if (cmd == NULL)
return;
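
Review bot: the added "if (buf->b_fname == NULL) return;" in the "not currently in a window" branch of ex_sign() returns silently, so the command does nothing and the user is not told why. Consider reporting an error before the return (for example through EMSG), which would also answer the question in the message about whether the command should complain. The hunk also removes the blank line after the "char_u *cmd;" declaration; keep that blank line so the check is separated from the declaration, and add a short comment noting that b_fname can be NULL here and that it is passed to STRLEN() on the next line.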
