Hi Dominique,

On Tue, Dec 19, 2017 at 12:31 AM, Dominique Pellé
<vim-dev-git...@256bit.org> wrote:
> I can reproduce it with vim-8.0.1406 with this simpler case:
>
> $ ./vim -u NONE -c'sv x' -c'au * * bw' -clb -cq
> Vim: Caught deadly signal SEGV
>

Thanks for the simplified test. I am attaching a patch for this
crash with a test.

Regards,
Yegappan

>
> Vim: Finished.
> Segmentation fault (core dumped)
>
> $ valgrind --num-callers=50 ./vim -u NONE -e -s -c'sv x' -c'au * * bw' -clb
> -cq
> ==7897== Memcheck, a memory error detector
> ==7897== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
> ==7897== Using Valgrind-3.14.0.GIT and LibVEX; rerun with -h for copyright
> info
> ==7897== Command: ./vim -u NONE -e -s -csv\ x -cau\ *\ *\ bw -clb -cq
> ==7897==
> ==7897== Invalid read of size 4
> ==7897==    at 0x5221D3: ex_cbuffer (quickfix.c:5569)
> ==7897==    by 0x468ABC: do_one_cmd (ex_docmd.c:2908)
> ==7897==    by 0x464D3D: do_cmdline (ex_docmd.c:1071)
> ==7897==    by 0x625A4C: exe_commands (main.c:2953)
> ==7897==    by 0x625A4C: vim_main2 (main.c:800)
> ==7897==    by 0x6245E4: main (main.c:429)
> ==7897==  Address 0xce430f8 is 8 bytes inside a block of size 1,216 free'd
> ==7897==    at 0x4C2ECF0: free (vg_replace_malloc.c:530)
> ==7897==    by 0x51B9D7: qf_free_all (quickfix.c:1432)
> ==7897==    by 0x5D60A0: win_free (window.c:4692)
> ==7897==    by 0x5D3C83: win_free_mem (window.c:2572)
> ==7897==    by 0x5D3C83: win_close (window.c:2413)
> ==7897==    by 0x410BD2: do_buffer (buffer.c:1456)
> ==7897==    by 0x411B9A: do_bufdel (buffer.c:1133)
> ==7897==    by 0x46F1D3: ex_bunload (ex_docmd.c:5535)
> ==7897==    by 0x468ABC: do_one_cmd (ex_docmd.c:2908)
> ==7897==    by 0x464D3D: do_cmdline (ex_docmd.c:1071)
> ==7897==    by 0x492EA7: apply_autocmds_group (fileio.c:9719)
> ==7897==    by 0x48B519: apply_autocmds (fileio.c:9253)
> ==7897==    by 0x5220B7: ex_cbuffer (quickfix.c:5530)
> ==7897==    by 0x468ABC: do_one_cmd (ex_docmd.c:2908)
> ==7897==    by 0x464D3D: do_cmdline (ex_docmd.c:1071)
> ==7897==    by 0x625A4C: exe_commands (main.c:2953)
> ==7897==    by 0x625A4C: vim_main2 (main.c:800)
> ==7897==    by 0x6245E4: main (main.c:429)
> ==7897==  Block was alloc'd at
> ==7897==    at 0x4C2DBF6: malloc (vg_replace_malloc.c:299)
> ==7897==    by 0x4D4E87: lalloc (misc2.c:954)
> ==7897==    by 0x522009: ll_new_list (quickfix.c:1536)
> ==7897==    by 0x522009: ll_get_or_alloc_list (quickfix.c:1564)
> ==7897==    by 0x522009: ex_cbuffer (quickfix.c:5514)
> ==7897==    by 0x468ABC: do_one_cmd (ex_docmd.c:2908)
> ==7897==    by 0x464D3D: do_cmdline (ex_docmd.c:1071)
> ==7897==    by 0x625A4C: exe_commands (main.c:2953)
> ==7897==    by 0x625A4C: vim_main2 (main.c:800)
> ==7897==    by 0x6245E4: main (main.c:429)
> (more errors after that)
>
> It's again a case of using a rogue autocommand that
> wipes out the buffer.
>

diff --git a/src/quickfix.c b/src/quickfix.c
index 6e80ddfca..1a9da025c 100644
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -5520,14 +5520,6 @@ ex_cbuffer(exarg_T *eap)
 #endif
     int                res;
 
-    if (eap->cmdidx == CMD_lbuffer || eap->cmdidx == CMD_lgetbuffer
-           || eap->cmdidx == CMD_laddbuffer)
-    {
-       qi = ll_get_or_alloc_list(curwin);
-       if (qi == NULL)
-           return;
-    }
-
 #ifdef FEAT_AUTOCMD
     switch (eap->cmdidx)
     {
@@ -5549,6 +5541,15 @@ ex_cbuffer(exarg_T *eap)
     }
 #endif
 
+    if (eap->cmdidx == CMD_lbuffer
+           || eap->cmdidx == CMD_lgetbuffer
+           || eap->cmdidx == CMD_laddbuffer)
+    {
+       qi = ll_get_or_alloc_list(curwin);
+       if (qi == NULL)
+           return;
+    }
+
     if (*eap->arg == NUL)
        buf = curbuf;
     else if (*skipwhite(skipdigits(eap->arg)) == NUL)
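Review bot: The relocated `ll_get_or_alloc_list(curwin)` call at lines 107-114 carries no comment saying why it has to come after the QuickFixCmdPre block, so a later tidy-up could move it back above the `switch` and reintroduce the use-after-free that the valgrind trace shows (qf_free_all via win_close inside the autocommand). I would add above the `if`: `/* Look up the location list only after QuickFixCmdPre has run: an autocommand may close curwin and free its list. */`. The same ordering concern presumably applies to any use of qi after the QuickFixCmdPost autocommands further down in ex_cbuffer; if a later jump or message dereferences qi, re-checking it against `curwin->w_llist` at that point is worth a look. ex_cbuffer begins before the first hunk and continues past this one.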
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 8d0c198ba..c5e902130 100644
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -3031,3 +3031,10 @@ func Test_ll_window_ctx()
   enew | only
 endfunc
 
+" The following test used to crash vim
+func Test_lbuffer_crash()
+  sp Xtest
+  au QuickFixCmdPre * bw
+  lbuffer
+  au! QuickFixCmdPre
+endfunc
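Review bot: The cleanup `au! QuickFixCmdPre` on the last line only runs if `lbuffer` completes; if `lbuffer` fails with an error, the function is aborted and the wildcard `au QuickFixCmdPre * bw` stays defined for every following test, which would then have its buffers wiped on the first quickfix command. Wrapping the call, `try | lbuffer | finally | au! QuickFixCmdPre | endtry`, or defining the autocommand in a dedicated augroup that is cleared on exit, keeps the test self-contained. That the runner's try/catch turns the error into an abort here is inferred from how other tests are driven, not visible in the hunk.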
