On Tue, 24 Jan 2017, Christian Brabandt wrote:

> Hi Axel!
> 
> On Tue, 24 Jan 2017, Axel Bender wrote:
> 
> > Using the attached TXT file, and the keystrokes given below, gvim 
> > (8.0.1-225, compiled with GNU 6.2.0 64-bit on Windows 7) crashes.
> > 
> > > gvim.exe -i NONE -u NONE --noplugin -U NONE x.txt
> > 
> > 2whvtuy2j<C-Q>9j2wpuu
> > 
> > Can anyone else confirm this?
> 
> It segfaults for me at the put. Here is a backtrace:
> #0  __GI_raise (sig=sig@entry=6) at 
> ../sysdeps/unix/sysv/linux/raise.c:58
> #1  0x00007f9f6384c40a in __GI_abort () at abort.c:89
> #2  0x00007f9f63888bd0 in __libc_message (do_abort=do_abort@entry=2, 
> fmt=fmt@entry=0x7f9f6397dc70 "*** Error in `%s': %s: 0x%s ***\n") at 
> ../sysdeps/posix/libc_fatal.c:175
> #3  0x00007f9f6388efa6 in malloc_printerr (action=3, str=0x7f9f6397dd80 
> "free(): invalid next size (fast)", ptr=<optimized out>, 
> ar_ptr=<optimized out>) at malloc.c:5046
> #4  0x00007f9f6388f79e in _int_free (av=0x7f9f63bb0b00 <main_arena>, 
> p=0x56407834deb0, have_lock=0) at malloc.c:3902
> #5  0x00005640775349b1 in vim_free (x=0x56407834dec0) at misc2.c:1727
> #6  0x000056407751ad67 in ml_flush_line (buf=0x564078327810) at 
> memline.c:3496
> #7  0x0000564077518b8a in ml_get_buf (buf=0x564078327810, lnum=6, 
> will_change=0) at memline.c:2474
> #8  0x0000564077518a19 in ml_get (lnum=6) at memline.c:2398
> #9  0x000056407755b0a0 in do_put (regname=0, dir=-1, count=1, flags=32) 
> at ops.c:3786
> #10 0x0000564077553699 in nv_put (cap=0x7ffe53d81ca0) at normal.c:9436
> #11 0x0000564077544f24 in normal_cmd (oap=0x7ffe53d81d70, toplevel=1) at 
> normal.c:1150
> #12 0x0000564077651ddf in main_loop (cmdwin=0, noexmode=0) at 
> main.c:1311
> #13 0x00005640776515ac in vim_main2 () at main.c:877
> #14 0x0000564077650d88 in main (argc=5, argv=0x7ffe53d81f58) at 
> main.c:415

I think this patch fixes it. However, this is only a quick fix; I 
haven't looked at it thoroughly.

I'll work more on it later if I have some more time, and will add a 
test.

diff --git a/src/ops.c b/src/ops.c
index 1abb8daa1..c815308a8 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -3784,6 +3784,11 @@ do_put(
                if (totlen > 0)
                {
                    oldp = ml_get(lnum);
+                   if (VIsual_active && col > (int)STRLEN(oldp))
+                   {
+                       lnum++;
+                       continue;
+                   }
                    newp = alloc_check((unsigned)(STRLEN(oldp) + totlen + 1));
                    if (newp == NULL)
                        goto end;       /* alloc() gave an error message */
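
Review bot: The new guard `if (VIsual_active && col > (int)STRLEN(oldp))` silently skips every line shorter than col, and nothing in the hunk explains why skipping is the intended behaviour; please add a comment stating the invariant it protects, given that newp is allocated with only STRLEN(oldp) + totlen + 1 bytes. The `lnum++; continue;` pair depends on the enclosing loop, which is outside the visible context, so confirm that continue reaches the loop condition and that lnum is not advanced a second time there. The check is gated on VIsual_active, so if col can exceed the line length on the non-Visual path the same condition stays unguarded. STRLEN(oldp) is now evaluated twice in a row; storing it in a local would drop the repeat and the cast. A regression test built from the reported key sequence should land together with the fix.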


Best,
Christian
-- 
Time is a good doctor, but a bad beautician.
                -- William Somerset Maugham