Dominique Pellé <dominique.pe...@gmail.com> wrote:

> Bram Moolenaar <b...@moolenaar.net> wrote:
>
>> Patch 8.0.0224
>> Problem:    When 'fileformats' is changed in a BufReadPre auto command, it
>>             does not take effect in readfile(). (Gary Johnson)
>> Solution:   Check the value of 'fileformats' after executing auto commands.
>>             (Christian Brabandt)
>> Files:      src/fileio.c, src/testdir/test_fileformat.vim
>>
>>
>> *** ../vim-8.0.0223/src/fileio.c        2017-01-13 21:59:59.327172086
>
>
> Running tests with vim-8.0.225 built with asan, I see the
> following crash (heap-buffer-overflow).  Since I see fileio.c
> in the stack, I assume that the bug is caused by patch 8.0.224:
>
> =================================================================
> ==5073==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x6310000a07ff at pc 0x000000a15d57 bp 0x7ffe2637ca50 sp
> 0x7ffe2637ca48
> READ of size 1 at 0x6310000a07ff thread T0
>     #0 0xa15d56 in readfile /home/pel/sb/vim/src/fileio.c:2254
>     #1 0x51c1b9 in open_buffer /home/pel/sb/vim/src/buffer.c:236
>     #2 0x80d3bb in do_ecmd /home/pel/sb/vim/src/ex_cmds.c:4184
>     #3 0x8ecd41 in do_exedit /home/pel/sb/vim/src/ex_docmd.c:8616
>     #4 0x8ea8c2 in ex_splitview /home/pel/sb/vim/src/ex_docmd.c:8218
>     #5 0x8ba6be in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2967
>     #6 0x8a2f42 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1115
>     #7 0x14a850e in call_user_func /home/pel/sb/vim/src/userfunc.c:893
>     #8 0x149fbce in call_func /home/pel/sb/vim/src/userfunc.c:1353
>     #9 0x149c847 in get_func_tv /home/pel/sb/vim/src/userfunc.c:455
>     #10 0x14c5afa in ex_call /home/pel/sb/vim/src/userfunc.c:2986
>     #11 0x8ba6be in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2967
>     #12 0x8a2f42 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1115
>     #13 0x6e5a9c in ex_execute /home/pel/sb/vim/src/eval.c:8382
>     #14 0x8ba6be in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2967
>     #15 0x8a2f42 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1115
>     #16 0x14a850e in call_user_func /home/pel/sb/vim/src/userfunc.c:893
>     #17 0x149fbce in call_func /home/pel/sb/vim/src/userfunc.c:1353
>     #18 0x149c847 in get_func_tv /home/pel/sb/vim/src/userfunc.c:455
>     #19 0x14c5afa in ex_call /home/pel/sb/vim/src/userfunc.c:2986
>     #20 0x8ba6be in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2967
>     #21 0x8a2f42 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1115
>     #22 0x891a3d in do_source /home/pel/sb/vim/src/ex_cmds2.c:4111
>     #23 0x88dbd6 in cmd_source /home/pel/sb/vim/src/ex_cmds2.c:3724
>     #24 0x88e057 in ex_source /home/pel/sb/vim/src/ex_cmds2.c:3699
>     #25 0x8ba6be in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2967
>     #26 0x8a2f42 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1115
>     #27 0x8a8020 in do_cmdline_cmd /home/pel/sb/vim/src/ex_docmd.c:715
>     #28 0x16c3b0c in exe_commands /home/pel/sb/vim/src/main.c:2901
>     #29 0x16be1b5 in vim_main2 /home/pel/sb/vim/src/main.c:781
>     #30 0x16b3147 in main /home/pel/sb/vim/src/main.c:415
>     #31 0x2b0174203f44 in __libc_start_main
> /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287
>     #32 0x469b46 in _start ??:?
>
> 0x6310000a07ff is located 1 bytes to the left of 65537-byte region
> [0x6310000a0800,0x6310000b0801)
> allocated by thread T0 here:
>     #0 0x4f0b12 in __interceptor_malloc ??:?
>     #1 0xcc4bf0 in lalloc /home/pel/sb/vim/src/misc2.c:942
>     #2 0xa094e7 in readfile /home/pel/sb/vim/src/fileio.c:1231
>     #3 0x51c1b9 in open_buffer /home/pel/sb/vim/src/buffer.c:236
>     #4 0x80d3bb in do_ecmd /home/pel/sb/vim/src/ex_cmds.c:4184
>     #5 0x8ecd41 in do_exedit /home/pel/sb/vim/src/ex_docmd.c:8616
>     #6 0x8ea8c2 in ex_splitview /home/pel/sb/vim/src/ex_docmd.c:8218
>     #7 0x8ba6be in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2967
>     #8 0x8a2f42 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1115
>     #9 0x14a850e in call_user_func /home/pel/sb/vim/src/userfunc.c:893
>     #10 0x149fbce in call_func /home/pel/sb/vim/src/userfunc.c:1353
>     #11 0x149c847 in get_func_tv /home/pel/sb/vim/src/userfunc.c:455
>     #12 0x14c5afa in ex_call /home/pel/sb/vim/src/userfunc.c:2986
>     #13 0x8ba6be in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2967
>     #14 0x8a2f42 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1115
>     #15 0x6e5a9c in ex_execute /home/pel/sb/vim/src/eval.c:8382
>     #16 0x8ba6be in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2967
>     #17 0x8a2f42 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1115
>     #18 0x14a850e in call_user_func /home/pel/sb/vim/src/userfunc.c:893
>     #19 0x149fbce in call_func /home/pel/sb/vim/src/userfunc.c:1353
>     #20 0x149c847 in get_func_tv /home/pel/sb/vim/src/userfunc.c:455
>     #21 0x14c5afa in ex_call /home/pel/sb/vim/src/userfunc.c:2986
>     #22 0x8ba6be in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2967
>     #23 0x8a2f42 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1115
>     #24 0x891a3d in do_source /home/pel/sb/vim/src/ex_cmds2.c:4111
>     #25 0x88dbd6 in cmd_source /home/pel/sb/vim/src/ex_cmds2.c:3724
>     #26 0x88e057 in ex_source /home/pel/sb/vim/src/ex_cmds2.c:3699
>     #27 0x8ba6be in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2967
>     #28 0x8a2f42 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:1115
>     #29 0x8a8020 in do_cmdline_cmd /home/pel/sb/vim/src/ex_docmd.c:715
>
> Shadow bytes around the buggy address:
>   0x0c628000c0a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c628000c0b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c628000c0c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c628000c0d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c628000c0e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> =>0x0c628000c0f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
>   0x0c628000c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x0c628000c110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x0c628000c120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x0c628000c130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>   0x0c628000c140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> Shadow byte legend (one shadow byte represents 8 application bytes):
>   Addressable:           00
>   Partially addressable: 01 02 03 04 05 06 07
>   Heap left redzone:       fa
>   Heap right redzone:      fb
>   Freed heap region:       fd
>   Stack left redzone:      f1
>   Stack mid redzone:       f2
>   Stack right redzone:     f3
>   Stack partial redzone:   f4
>   Stack after return:      f5
>   Stack use after scope:   f8
>   Global redzone:          f9
>   Global init order:       f6
>   Poisoned by user:        f7
>   Container overflow:      fc
>   Array cookie:            ac
>   Intra object redzone:    bb
>   ASan internal:           fe
>   Left alloca redzone:     ca
>   Right alloca redzone:    cb
> ==5073==ABORTING
>
> Aborted (core dumped)


How about an address sanitizer build in Travis to catch
this kind of bug earlier in CI?

Regards
Dominique
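The CI check suggested above, as an added example that is not from this thread or the Vim project: a POSIX sh script that builds with AddressSanitizer, runs the test suite and turns any ASan report into a failed job, extracting the error kind and the frame #0 location for the log. It assumes a Vim source checkout with gcc or clang and libasan, `./configure` and `make test` as the entry points, and uses only standard GCC/Clang and ASAN_OPTIONS flags; the sample report is constructed from the trace quoted above.

```shell
#!/bin/sh
# Added example, not from the vim_dev thread: a CI step that builds Vim with
# AddressSanitizer, runs the test suite and fails the job on any ASan report.
# Assumptions: run from a Vim source checkout with gcc or clang and libasan;
# `make test` is the test entry point.  Flags are standard GCC/Clang ones.

# Constructed sample, trimmed from the report in the thread, for self-checks.
SAMPLE_REPORT='==5073==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6310000a07ff
READ of size 1 at 0x6310000a07ff thread T0
    #0 0xa15d56 in readfile /home/pel/sb/vim/src/fileio.c:2254
    #1 0x51c1b9 in open_buffer /home/pel/sb/vim/src/buffer.c:236'

# Error kind (e.g. heap-buffer-overflow) from the first ASan error line on stdin.
asan_error_kind() {
    sed -n 's/.*ERROR: AddressSanitizer: \([a-z-]*\) .*/\1/p' | head -n 1
}

# "file:line" of frame #0, the site of the bad access, from stdin.
asan_first_frame() {
    sed -n 's/^ *#0 0x[0-9a-f]* in [^ ]* \(.*\)$/\1/p' | head -n 1
}

# Exit status 1 if the log on stdin contains an ASan error, 0 if it is clean.
asan_check_log() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -q 'ERROR: AddressSanitizer'; then
        printf 'ASan %s at %s\n' \
            "$(printf '%s\n' "$log" | asan_error_kind)" \
            "$(printf '%s\n' "$log" | asan_first_frame)" >&2
        return 1
    fi
    return 0
}

# Build and test with ASan; abort on the first error so the report stays short.
asan_build_and_test() {
    export CFLAGS="-g -O1 -fsanitize=address -fno-omit-frame-pointer"
    export LDFLAGS="-fsanitize=address"
    export ASAN_OPTIONS="abort_on_error=1:detect_leaks=0"
    ./configure && make -j"$(nproc)" && make test 2>&1 | tee asan-test.log
    asan_check_log < asan-test.log
}

# Run the real build only when invoked as "sh asan-ci.sh run".
if [ "${1:-}" = "run" ]; then
    asan_build_and_test
fi
```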

-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
