Bram Moolenaar wrote:
>
> Patch 7.4.2347
> Problem: Crash when closing a buffer while Visual mode is active.
> (Dominique Pelle)
> Solution: Adjust the position before computing the number of lines.
> When closing the current buffer stop Visual mode.
> Files: src/buffer.c, src/normal.c, src/testdir/test_normal.vim
Hi
Using vim-7.4.2361, I see the following bug, discovered using
afl-fuzz, which is a regression introduced by patch 7.4.2347:
$ cat <<EOF >bug.vim
call setline(1, ['', 'a b', '', ''])
call feedkeys("/b\<cr>", 'x')
1@
bw!
EOF
$ valgrind vim -u NONE -i NONE -S bug.vim -cq 2> log
==15099== Memcheck, a memory error detector
==15099== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==15099== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==15099== Command: vim -u NONE -N -S bug.vim -cq
==15099==
==15099== Invalid read of size 1
==15099== at 0x4C97F0: utf_ptr2char (mbyte.c:1761)
==15099== by 0x4E0046: adjust_cursor_eol (ops.c:3984)
==15099== by 0x4116C0: do_buffer (buffer.c:1393)
==15099== by 0x4119F2: do_bufdel (buffer.c:1089)
==15099== by 0x45FA4F: ex_bunload (ex_docmd.c:5514)
==15099== by 0x46808C: do_one_cmd (ex_docmd.c:2962)
==15099== by 0x46808C: do_cmdline (ex_docmd.c:1110)
==15099== by 0x45C651: do_source (ex_cmds2.c:4111)
==15099== by 0x45D0BB: cmd_source (ex_cmds2.c:3724)
==15099== by 0x46808C: do_one_cmd (ex_docmd.c:2962)
==15099== by 0x46808C: do_cmdline (ex_docmd.c:1110)
==15099== by 0x59B09B: exe_commands (main.c:2896)
==15099== by 0x59B09B: vim_main2 (main.c:781)
==15099== by 0x407B05: main (main.c:415)
==15099== Address 0x76da9f1 is 1 bytes after a block of size 4,096 alloc'd
==15099== at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
==15099== by 0x4C242B: lalloc (misc2.c:942)
==15099== by 0x59BC10: mf_alloc_bhdr.isra.3 (memfile.c:907)
==15099== by 0x59C926: mf_new (memfile.c:381)
==15099== by 0x4A87FF: ml_new_data (memline.c:3513)
==15099== by 0x4AB1FC: ml_open (memline.c:400)
==15099== by 0x4103E6: open_buffer (buffer.c:160)
==15099== by 0x59AD01: create_windows (main.c:2668)
==15099== by 0x59AD01: vim_main2 (main.c:704)
==15099== by 0x407B05: main (main.c:415)
...snip...
Regards
Dominique