Hi

Here is one more bug found by afl-fuzz in vim-7.4.2330 and older:

$ cat bug.vim
new
call append(0, [" a", "b"])
norm kVdggViw
bw!
%d

$ valgrind --num-callers=20 vim -u NONE -S bug.vim -c q 2> log

$ cat log
==7787== Memcheck, a memory error detector
==7787== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==7787== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==7787== Command: vim -u NONE -S bug.vim -c q
==7787==
==7787== Invalid read of size 1
==7787==    at 0x4D881C: do_pending_operator (normal.c:1700)
==7787==    by 0x4E39F8: clip_get_selection (ops.c:6428)
==7787==    by 0x59F800: clip_copy_selection (ui.c:544)
==7787==    by 0x59F7A3: clip_auto_select (ui.c:614)
==7787==    by 0x4D7E06: end_visual_mode (normal.c:3281)
==7787==    by 0x465A6E: ex_operators (ex_docmd.c:9243)
==7787==    by 0x45EC77: do_one_cmd (ex_docmd.c:2962)
==7787==    by 0x45A9F2: do_cmdline (ex_docmd.c:1110)
==7787==    by 0x458ADC: do_source (ex_cmds2.c:4097)
==7787==    by 0x4582D3: cmd_source (ex_cmds2.c:3710)
==7787==    by 0x45EC77: do_one_cmd (ex_docmd.c:2962)
==7787==    by 0x45A9F2: do_cmdline (ex_docmd.c:1110)
==7787==    by 0x5CEEEC: exe_commands (main.c:2896)
==7787==    by 0x5CEEEC: vim_main2 (main.c:781)
==7787==    by 0x5CD91C: main (main.c:415)
==7787==  Address 0x76b0b80 is 0 bytes after a block of size 4,096 alloc'd
==7787==    at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
==7787==    by 0x4C81D7: lalloc (misc2.c:942)
==7787==    by 0x5D127E: mf_alloc_bhdr (memfile.c:907)
==7787==    by 0x5D127E: mf_new (memfile.c:381)
==7787==    by 0x4AC6F1: ml_new_data (memline.c:3513)
==7787==    by 0x4AC6F1: ml_open (memline.c:400)
==7787==    by 0x406373: open_buffer (buffer.c:160)
==7787==    by 0x5CEA44: create_windows (main.c:2668)
==7787==    by 0x5CEA44: vim_main2 (main.c:704)
==7787==    by 0x5CD91C: main (main.c:415)

Regards
Dominique
