Hi

afl-fuzz found another command that causes access to
invalid memory in Vim-8.0.329. It's not a recent regression,
since the bug is present in at least Vim-7.4.52, which comes
with ubuntu-14.04.

I have not been able to find a fix yet.

Steps to reproduce:

$ valgrind vim -u NONE -c'norm oxx' -c'norm vapo' -c'q!' 2>vg.log

And vg.log contains:

==4259== Memcheck, a memory error detector
==4259== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==4259== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==4259== Command: vim -u NONE -cnorm\ oxx -cnorm\ vapo -cq!
==4259==
==4259== Invalid read of size 1
==4259==    at 0x4CF4A0: utf_head_off (mbyte.c:3746)
==4259==    by 0x4D094C: mb_adjustpos (mbyte.c:4028)
==4259==    by 0x4E11C9: normal_cmd (normal.c:1292)
==4259==    by 0x468F25: exec_normal (ex_docmd.c:10418)
==4259==    by 0x469076: ex_normal (ex_docmd.c:10310)
==4259==    by 0x46B734: do_one_cmd (ex_docmd.c:2981)
==4259==    by 0x46B734: do_cmdline (ex_docmd.c:1120)
==4259==    by 0x5BFC2B: exe_commands (main.c:2905)
==4259==    by 0x5BFC2B: vim_main2 (main.c:781)
==4259==    by 0x40C3D3: main (main.c:415)
==4259==  Address 0xa95bc50 is 0 bytes after a block of size 4,096 alloc'd
==4259==    at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
==4259==    by 0x4C4D0B: lalloc (misc2.c:942)
==4259==    by 0x5C0830: mf_alloc_bhdr.isra.3 (memfile.c:907)
==4259==    by 0x5C1546: mf_new (memfile.c:381)
==4259==    by 0x4AC6FF: ml_new_data (memline.c:3513)
==4259==    by 0x4AF0FC: ml_open (memline.c:400)
==4259==    by 0x414DD6: open_buffer (buffer.c:163)
==4259==    by 0x5BF891: create_windows (main.c:2677)
==4259==    by 0x5BF891: vim_main2 (main.c:704)
==4259==    by 0x40C3D3: main (main.c:415)

Possibly related to this, the following command does not
seem to behave correctly, even if it does not trigger invalid
memory:

$ echo "foo bar" | vim -u NONE -c'norm wvapo' -

Then press  o  multiple times and observe that the cursor
alternates between the beginning of the visual block
and the *middle* of the visual block.  I would expect it to
alternate between the beginning and the *end* of the
visual block.

Regards
Dominique
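Added example, not part of Dominique's report or of Vim's own code: a POSIX sh helper that reduces a memcheck log like the vg.log above to a one-line triage summary (error kind, innermost frame, position relative to the heap block), which is what you want when bucketing fuzzer-found crashes before a fix exists. The function names and the embedded sample log are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the report or from Vim): triage helper for
# valgrind memcheck logs such as vg.log above. Hypothetical names.
# vg_first_error LOG prints the first error kind, the innermost frame and,
# when valgrind gives one, the address's position relative to a heap block.
vg_first_error() {
    awk '
        /^==[0-9]+== (Invalid (read|write|free)|Conditional jump|Use of uninitialised|Mismatched free)/ {
            sub(/^==[0-9]+== /, ""); kind = $0; stage = 1; next
        }
        stage == 1 && /^==[0-9]+== +at 0x/ {
            sub(/^==[0-9]+== +at 0x[0-9A-Fa-f]+: /, ""); frame = $0; stage = 2; next
        }
        stage == 2 && /^==[0-9]+== +Address 0x/ {
            sub(/^==[0-9]+== +Address 0x[0-9A-Fa-f]+ is /, "")
            sub(/ alloc.d$/, ""); where = ", " $0; stage = 3; next
        }
        stage >= 2 && /^==[0-9]+== *$/ { exit }   # blank line ends the first error record
        END {
            if (stage == 0) print "no errors"
            else print kind " at " frame where
        }
    ' "$1"
}

# Run the reproducer from the report under valgrind and triage its log
# (needs vim and valgrind on PATH; defined but not called below).
vg_check_repro() {
    log=$(mktemp)
    valgrind --log-file="$log" vim -u NONE -c'norm oxx' -c'norm vapo' -c'q!' >/dev/null 2>&1
    vg_first_error "$log"
    rm -f "$log"
}

# Constructed sample: the relevant lines of the vg.log quoted above.
sample_log=$(mktemp)
cat >"$sample_log" <<'EOF'
==4259== Invalid read of size 1
==4259==    at 0x4CF4A0: utf_head_off (mbyte.c:3746)
==4259==    by 0x4D094C: mb_adjustpos (mbyte.c:4028)
==4259==  Address 0xa95bc50 is 0 bytes after a block of size 4,096 alloc'd
==4259==    at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
==4259==
EOF
vg_first_error "$sample_log"   # Invalid read of size 1 at utf_head_off (mbyte.c:3746), 0 bytes after a block of size 4,096
rm -f "$sample_log"
```

A log whose first error has no "Address" line (an uninitialised-value report, for instance) still yields the kind and frame; a clean log yields "no errors".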

You received this message from the "vim_dev" maillist.