Dominique wrote:
> Here is one more bug found by afl-fuzz using vim-7.4.2358.
> Vim-7.4.52 in xubuntu-14.04 also has the bug so it's an old bug:
>
> $ cat <<EOF >bug.vim
> norm oa
> norm oabcd)
> norm v=
> q!
> EOF
>
> $ valgrind --num-callers=30 vim -u NONE -i NONE -S bug.vim 2>log
> $ cat log
> ==4689== Memcheck, a memory error detector
> ==4689== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==4689== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
> ==4689== Command: ./vim -u NONE -i NONE -S bug.vim
> ==4689==
> ==4689== Invalid read of size 1
> ==4689==    at 0x4F4B60: utf_head_off (mbyte.c:3740)
> ==4689==    by 0x577C77: findmatchlimit (search.c:2159)
> ==4689==    by 0x4DE418: find_match_char (misc1.c:6698)
> ==4689==    by 0x4DE3D2: find_match_paren (misc1.c:6684)
> ==4689==    by 0x4DD2F4: cin_isfuncdecl (misc1.c:6121)
> ==4689==    by 0x4E1FA4: get_c_indent (misc1.c:8903)
> ==4689==    by 0x507655: op_reindent (ops.c:732)
> ==4689==    by 0x4F976C: do_pending_operator (normal.c:1954)
> ==4689==    by 0x4F7F57: normal_cmd (normal.c:1182)
> ==4689==    by 0x47E1DB: exec_normal (ex_docmd.c:10250)
> ==4689==    by 0x47E19A: exec_normal_cmd (ex_docmd.c:10233)
> ==4689==    by 0x47DFAC: ex_normal (ex_docmd.c:10142)
> ==4689==    by 0x471B53: do_one_cmd (ex_docmd.c:2962)
> ==4689==    by 0x46E5D4: do_cmdline (ex_docmd.c:1110)
> ==4689==    by 0x46C296: do_source (ex_cmds2.c:4110)
> ==4689==    by 0x46B8A8: cmd_source (ex_cmds2.c:3723)
> ==4689==    by 0x46B7FA: ex_source (ex_cmds2.c:3698)
> ==4689==    by 0x471B53: do_one_cmd (ex_docmd.c:2962)
> ==4689==    by 0x46E5D4: do_cmdline (ex_docmd.c:1110)
> ==4689==    by 0x46DC10: do_cmdline_cmd (ex_docmd.c:715)
> ==4689==    by 0x5FA646: exe_commands (main.c:2896)
> ==4689==    by 0x5F7A2B: vim_main2 (main.c:781)
> ==4689==    by 0x5F73D5: main (main.c:415)
> ==4689==  Address 0x7697ff0 is 0 bytes after a block of size 4,096 alloc'd
> ==4689==    at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
> ==4689==    by 0x4E6CC0: lalloc (misc2.c:942)
> ==4689==    by 0x4E6B8D: alloc (misc2.c:840)
> ==4689==    by 0x5FD5E1: mf_alloc_bhdr (memfile.c:907)
> ==4689==    by 0x5FCB1B: mf_new (memfile.c:381)
> ==4689==    by 0x4CD146: ml_new_data (memline.c:3513)
> ==4689==    by 0x4C6E34: ml_open (memline.c:400)
> ==4689==    by 0x40691E: open_buffer (buffer.c:160)
> ==4689==    by 0x5FA0C3: create_windows (main.c:2668)
> ==4689==    by 0x5F7863: vim_main2 (main.c:704)
> ==4689==    by 0x5F73D5: main (main.c:415)
> ...snip...
Thanks, I can reproduce it, I'll look into it.

--
Your fault: core dumped

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
