Hi
The :syntime tests added recently in vim-8.0.131 show
a ubsan error (undefined behavior) where qsort is
called with a NULL pointer to sort 0 elements:
syntax.c:6708:11: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/stdlib.h:766:30: note: nonnull attribute specified here
#0 0xe407a9 in syntime_report /home/pel/sb/vim/src/syntax.c:6708 (discriminator 5)
#1 0xe3ebe8 in ex_syntime /home/pel/sb/vim/src/syntax.c:6582
#2 0x6bb9ef in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2961
#3 0x6a6abc in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1110
#4 0x6a99e5 in do_cmdline_cmd /home/pel/sb/vim/src/ex_docmd.c:715
#5 0x5bad08 in f_execute /home/pel/sb/vim/src/evalfunc.c:2834
#6 0x5a73b7 in call_internal_func /home/pel/sb/vim/src/evalfunc.c:1001
#7 0xf4ba73 in call_func /home/pel/sb/vim/src/userfunc.c:1372
#8 0xf49ccf in get_func_tv /home/pel/sb/vim/src/userfunc.c:455
#9 0x5a2939 in eval7 /home/pel/sb/vim/src/eval.c:4349
#10 0x59fe51 in eval6 /home/pel/sb/vim/src/eval.c:3977
#11 0x59e954 in eval5 /home/pel/sb/vim/src/eval.c:3793
#12 0x59b44a in eval4 /home/pel/sb/vim/src/eval.c:3492
#13 0x59ae7c in eval3 /home/pel/sb/vim/src/eval.c:3409
#14 0x561e4c in eval2 /home/pel/sb/vim/src/eval.c:3341
#15 0x550b05 in eval1 /home/pel/sb/vim/src/eval.c:3269
#16 0x54ed83 in eval0 /home/pel/sb/vim/src/eval.c:3229
#17 0x5550af in ex_let /home/pel/sb/vim/src/eval.c:1204
#18 0x6bb9ef in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2961
#19 0x6a6abc in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1110
#20 0xf51cfc in call_user_func /home/pel/sb/vim/src/userfunc.c:893
#21 0xf4b86a in call_func /home/pel/sb/vim/src/userfunc.c:1353
#22 0xf49ccf in get_func_tv /home/pel/sb/vim/src/userfunc.c:455
#23 0xf69148 in ex_call /home/pel/sb/vim/src/userfunc.c:2981
#24 0x6bb9ef in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2961
#25 0x6a6abc in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1110
#26 0x584785 in ex_execute /home/pel/sb/vim/src/eval.c:8351
#27 0x6bb9ef in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2961
#28 0x6a6abc in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1110
#29 0xf51cfc in call_user_func /home/pel/sb/vim/src/userfunc.c:893
#30 0xf4b86a in call_func /home/pel/sb/vim/src/userfunc.c:1353
#31 0xf49ccf in get_func_tv /home/pel/sb/vim/src/userfunc.c:455
#32 0xf69148 in ex_call /home/pel/sb/vim/src/userfunc.c:2981
#33 0x6bb9ef in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2961
#34 0x6a6abc in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1110
#35 0x69c476 in do_source /home/pel/sb/vim/src/ex_cmds2.c:4111
#36 0x699b3f in cmd_source /home/pel/sb/vim/src/ex_cmds2.c:3724
#37 0x699da5 in ex_source /home/pel/sb/vim/src/ex_cmds2.c:3699
#38 0x6bb9ef in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2961
#39 0x6a6abc in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1110
#40 0x6a99e5 in do_cmdline_cmd /home/pel/sb/vim/src/ex_docmd.c:715
#41 0x10de60c in exe_commands /home/pel/sb/vim/src/main.c:2901
#42 0x10d8691 in vim_main2 /home/pel/sb/vim/src/main.c:781
#43 0x10cd8ea in main /home/pel/sb/vim/src/main.c:415
#44 0x2b0bcc508f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
#45 0x436c28 in _start ??:?
It's probably nit-picky, as sorting a NULL pointer with 0
elements is most likely a no-op on all platforms.
But it's undefined behavior according to ubsan, so
it's best to fix it.
Regards
Dominique
diff --git a/src/syntax.c b/src/syntax.c
index 75ede36..077a810 100644
--- a/src/syntax.c
+++ b/src/syntax.c
@@ -6705,7 +6705,8 @@ syntime_report(void)
}
/* sort on total time */
- qsort(ga.ga_data, (size_t)ga.ga_len, sizeof(time_entry_T),
+ if (ga.ga_len > 1)
+ qsort(ga.ga_data, (size_t)ga.ga_len, sizeof(time_entry_T),
syn_compare_syntime);
MSG_PUTS_TITLE(_(" TOTAL COUNT MATCH SLOWEST AVERAGE NAME PATTERN"));
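Review bot: the added `if (ga.ga_len > 1)` in syntime_report() reads like a micro-optimization rather than a fix for undefined behavior, so a later cleanup could remove it. Add a short comment stating that qsort() must not be called with a NULL ga.ga_data when the array is empty. Skipping the call for a single entry is harmless, since one element is already sorted. The continuation line `syn_compare_syntime);` is unchanged context, so it keeps its old indentation while the call now sits one level deeper under the `if`; re-indent it together with the call.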