Hi Dominique, On Tue, Dec 19, 2017 at 12:31 AM, Dominique Pellé <vim-dev-git...@256bit.org> wrote: > I can reproduce it with vim-8.0.1406 with this simpler case: > > $ ./vim -u NONE -c'sv x' -c'au * * bw' -clb -cq > Vim: Caught deadly signal SEGV >
Thanks for the simplified test. I am attaching a patch for this crash with a test. Regards, Yegappan > > Vim: Finished. > Segmentation fault (core dumped) > > $ valgrind --num-callers=50 ./vim -u NONE -e -s -c'sv x' -c'au * * bw' -clb > -cq > ==7897== Memcheck, a memory error detector > ==7897== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. > ==7897== Using Valgrind-3.14.0.GIT and LibVEX; rerun with -h for copyright > info > ==7897== Command: ./vim -u NONE -e -s -csv\ x -cau\ *\ *\ bw -clb -cq > ==7897== > ==7897== Invalid read of size 4 > ==7897== at 0x5221D3: ex_cbuffer (quickfix.c:5569) > ==7897== by 0x468ABC: do_one_cmd (ex_docmd.c:2908) > ==7897== by 0x464D3D: do_cmdline (ex_docmd.c:1071) > ==7897== by 0x625A4C: exe_commands (main.c:2953) > ==7897== by 0x625A4C: vim_main2 (main.c:800) > ==7897== by 0x6245E4: main (main.c:429) > ==7897== Address 0xce430f8 is 8 bytes inside a block of size 1,216 free'd > ==7897== at 0x4C2ECF0: free (vg_replace_malloc.c:530) > ==7897== by 0x51B9D7: qf_free_all (quickfix.c:1432) > ==7897== by 0x5D60A0: win_free (window.c:4692) > ==7897== by 0x5D3C83: win_free_mem (window.c:2572) > ==7897== by 0x5D3C83: win_close (window.c:2413) > ==7897== by 0x410BD2: do_buffer (buffer.c:1456) > ==7897== by 0x411B9A: do_bufdel (buffer.c:1133) > ==7897== by 0x46F1D3: ex_bunload (ex_docmd.c:5535) > ==7897== by 0x468ABC: do_one_cmd (ex_docmd.c:2908) > ==7897== by 0x464D3D: do_cmdline (ex_docmd.c:1071) > ==7897== by 0x492EA7: apply_autocmds_group (fileio.c:9719) > ==7897== by 0x48B519: apply_autocmds (fileio.c:9253) > ==7897== by 0x5220B7: ex_cbuffer (quickfix.c:5530) > ==7897== by 0x468ABC: do_one_cmd (ex_docmd.c:2908) > ==7897== by 0x464D3D: do_cmdline (ex_docmd.c:1071) > ==7897== by 0x625A4C: exe_commands (main.c:2953) > ==7897== by 0x625A4C: vim_main2 (main.c:800) > ==7897== by 0x6245E4: main (main.c:429) > ==7897== Block was alloc'd at > ==7897== at 0x4C2DBF6: malloc (vg_replace_malloc.c:299) > ==7897== by 0x4D4E87: lalloc 
(misc2.c:954) > ==7897== by 0x522009: ll_new_list (quickfix.c:1536) > ==7897== by 0x522009: ll_get_or_alloc_list (quickfix.c:1564) > ==7897== by 0x522009: ex_cbuffer (quickfix.c:5514) > ==7897== by 0x468ABC: do_one_cmd (ex_docmd.c:2908) > ==7897== by 0x464D3D: do_cmdline (ex_docmd.c:1071) > ==7897== by 0x625A4C: exe_commands (main.c:2953) > ==7897== by 0x625A4C: vim_main2 (main.c:800) > ==7897== by 0x6245E4: main (main.c:429) > (more errors after that) > > It's again a case of using a rogue autocommand that > wipes out the buffer.
diff --git a/src/quickfix.c b/src/quickfix.c
index 6e80ddfca..1a9da025c 100644
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -5520,14 +5520,6 @@ ex_cbuffer(exarg_T *eap)
 #endif
 int res;
 
- if (eap->cmdidx == CMD_lbuffer || eap->cmdidx == CMD_lgetbuffer
- || eap->cmdidx == CMD_laddbuffer)
- {
- qi = ll_get_or_alloc_list(curwin);
- if (qi == NULL)
- return;
- }
-
 #ifdef FEAT_AUTOCMD
 switch (eap->cmdidx)
 {
@@ -5549,6 +5541,15 @@ ex_cbuffer(exarg_T *eap)
 }
 #endif
 
+ if (eap->cmdidx == CMD_lbuffer
+ || eap->cmdidx == CMD_lgetbuffer
+ || eap->cmdidx == CMD_laddbuffer)
+ {
+ qi = ll_get_or_alloc_list(curwin);
+ if (qi == NULL)
+ return;
+ }
+
 if (*eap->arg == NUL)
 buf = curbuf;
 else if (*skipwhite(skipdigits(eap->arg)) == NUL)
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 8d0c198ba..c5e902130 100644
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -3031,3 +3031,10 @@ func Test_ll_window_ctx()
 enew | only
 endfunc
 
+" The following test used to crash vim
+func Test_lbuffer_crash()
+ sp Xtest
+ au QuickFixCmdPre * bw
+ lbuffer
+ au! QuickFixCmdPre
+endfunc
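Review bot: The relocated `ll_get_or_alloc_list(curwin)` block in the second hunk has no comment saying why it must stay below the `FEAT_AUTOCMD` section, so a later tidy-up could move it back next to the declarations and reintroduce the use-after-free shown in the valgrind trace. I would add `/* Autocommands may close the window and free its location list, so get the list only after they have run. */` directly above the `if`. ex_cbuffer continues past the end of the hunk; if the rest of the function triggers further autocommands and then uses `qi`, the same stale-pointer pattern would apply there and should be checked as part of this fix.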
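Review bot: Test_lbuffer_crash runs only `lbuffer`, while the block moved in ex_cbuffer also covers `CMD_lgetbuffer` and `CMD_laddbuffer`, so two of the three fixed paths have no regression coverage. The handler is also removed only by the final `au! QuickFixCmdPre`; if `lbuffer` raises an error first, `au QuickFixCmdPre * bw` stays registered and will wipe buffers in later tests. I would repeat the `sp Xtest` / command sequence for `lgetbuffer` and `laddbuffer`, and run the commands inside `try` … `finally` with `au! QuickFixCmdPre` in the `finally` part.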