Dominique Pellé wrote:
> Bram Moolenaar wrote:
> >
> > Patch 7.4.2347
> > Problem: Crash when closing a buffer while Visual mode is active.
> > (Dominique Pelle)
> > Solution: Adjust the position before computing the number of lines.
> > When closing the current buffer stop Visual mode.
> > Files: src/buffer.c, src/normal.c, src/testdir/test_normal.vim
>
> Hi
>
> Using vim-7.4.2361, I see the following bug discovered using
> afl-fuzz and which is a regression introduced by patch 7.4.2347:
>
> $ cat <<EOF >bug.vim
> call setline(1, ['', 'a b', '', ''])
> call feedkeys("/b\<cr>", 'x')
> 1@
> bw!
> EOF
>
> $ valgrind vim -u NONE -i NONE -S bug.vim -cq 2> log
>
> ==15099== Memcheck, a memory error detector
> ==15099== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==15099== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
> ==15099== Command: vim -u NONE -N -S bug.vim -cq
> ==15099==
> ==15099== Invalid read of size 1
> ==15099== at 0x4C97F0: utf_ptr2char (mbyte.c:1761)
> ==15099== by 0x4E0046: adjust_cursor_eol (ops.c:3984)
> ==15099== by 0x4116C0: do_buffer (buffer.c:1393)
> ==15099== by 0x4119F2: do_bufdel (buffer.c:1089)
> ==15099== by 0x45FA4F: ex_bunload (ex_docmd.c:5514)
> ==15099== by 0x46808C: do_one_cmd (ex_docmd.c:2962)
> ==15099== by 0x46808C: do_cmdline (ex_docmd.c:1110)
> ==15099== by 0x45C651: do_source (ex_cmds2.c:4111)
> ==15099== by 0x45D0BB: cmd_source (ex_cmds2.c:3724)
> ==15099== by 0x46808C: do_one_cmd (ex_docmd.c:2962)
> ==15099== by 0x46808C: do_cmdline (ex_docmd.c:1110)
> ==15099== by 0x59B09B: exe_commands (main.c:2896)
> ==15099== by 0x59B09B: vim_main2 (main.c:781)
> ==15099== by 0x407B05: main (main.c:415)
> ==15099== Address 0x76da9f1 is 1 bytes after a block of size 4,096 alloc'd
> ==15099== at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
> ==15099== by 0x4C242B: lalloc (misc2.c:942)
> ==15099== by 0x59BC10: mf_alloc_bhdr.isra.3 (memfile.c:907)
> ==15099== by 0x59C926: mf_new (memfile.c:381)
> ==15099== by 0x4A87FF: ml_new_data (memline.c:3513)
> ==15099== by 0x4AB1FC: ml_open (memline.c:400)
> ==15099== by 0x4103E6: open_buffer (buffer.c:160)
> ==15099== by 0x59AD01: create_windows (main.c:2668)
> ==15099== by 0x59AD01: vim_main2 (main.c:704)
> ==15099== by 0x407B05: main (main.c:415)
> ...snip...
Thanks. It's not really a regression, but uncovering another problem.
The ":1@" changes the line number without correcting the column.
I tried writing a test, but since the "1@" command fails, and I can't
find another way of triggering the problem, I gave up on that.
--
The term "free software" is defined by Richard M. Stallman as
being software that isn't necessarily for free. Confusing?
Let's call it "Stallman software" then!
-- Bram Moolenaar
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
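Added example, not Vim's own code: a small C model of the cursor-column problem Bram describes, using the four lines from bug.vim as a constructed buffer. `clamp_col` and `col_after_jump` are hypothetical helpers; the position convention mirrors Vim's (1-based line number, 0-based column), and it shows why a line jump that leaves the column untouched can point one past an empty line.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed buffer mirroring bug.vim: setline(1, ['', 'a b', '', '']) */
static const char *lines[] = { "", "a b", "", "" };

typedef struct { int lnum; int col; } pos_T;   /* 1-based lnum, 0-based col */

/* Hypothetical fix-up: keep col inside the target line (col 0 on an empty line). */
static void clamp_col(pos_T *p)
{
    size_t len = strlen(lines[p->lnum - 1]);
    if (len == 0)
        p->col = 0;
    else if ((size_t)p->col >= len)
        p->col = (int)len - 1;
}

/* Reading the byte at (lnum, col) is in bounds only up to the NUL terminator. */
static int col_in_bounds(int lnum, int col)
{
    return col >= 0 && (size_t)col <= strlen(lines[lnum - 1]);
}

/* Model of ":1@"-style movement: the line changes, the column is left as-is.
 * With clamp != 0 the column is corrected afterwards; returns the final col. */
static int col_after_jump(int from_lnum, int from_col, int to_lnum, int clamp)
{
    pos_T p = { from_lnum, from_col };
    p.lnum = to_lnum;
    if (clamp)
        clamp_col(&p);
    return p.col;
}

int main(void)
{
    /* After "/b" the cursor sits on 'b' (line 2, col 2); ":1@" moves to the
     * empty line 1 and col 2 now points past its single NUL byte. */
    int bad = col_after_jump(2, 2, 1, 0);
    int good = col_after_jump(2, 2, 1, 1);
    printf("unadjusted col %d in bounds: %d\n", bad, col_in_bounds(1, bad));
    printf("clamped col    %d in bounds: %d\n", good, col_in_bounds(1, good));
    return 0;
}
```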