Dominique wrote:
> afl-fuzz found this case which causes vim-8.1.59
> and older to sometimes crash:
>
> $ vim --clean -c new -c new -c 'au * * bw' -c lbuffer -cq
> Vim: Caught deadly signal SEGV
> Vim: Finished.
> Segmentation fault (core dumped)
>
> Valgrind says:
>
> ==7895== Memcheck, a memory error detector
> ==7895== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
> ==7895== Using Valgrind-3.14.0.GIT and LibVEX; rerun with -h for copyright info
> ==7895== Command: ./vim --clean -c new -c new -c au\ *\ *\ bw -c lbuffer -cq
> ==7895==
> ==7895== Invalid read of size 4
> ==7895==    at 0x246C1F: qf_jump (quickfix.c:2909)
> ==7895==    by 0x1A0D01: do_one_cmd (ex_docmd.c:2886)
> ==7895==    by 0x1A0D01: do_cmdline (ex_docmd.c:1040)
> ==7895==    by 0x31AE2F: exe_commands (main.c:2937)
> ==7895==    by 0x31AE2F: vim_main2 (main.c:812)
> ==7895==    by 0x139B0C: main (main.c:443)
> ==7895==  Address 0x92cb898 is 8 bytes inside a block of size 1,216 free'd
> ==7895==    at 0x4C30CF0: free (vg_replace_malloc.c:530)
> ==7895==    by 0x24690B: qf_free_all (quickfix.c:1702)
> ==7895==    by 0x2E1BDE: win_free (window.c:4717)
> ==7895==    by 0x2E3633: win_free_mem (window.c:2596)
> ==7895==    by 0x2E3633: win_close (window.c:2441)
> ==7895==    by 0x145097: do_buffer (buffer.c:1432)
> ==7895==    by 0x1458D5: do_bufdel (buffer.c:1112)
> ==7895==    by 0x197A54: ex_bunload (ex_docmd.c:5532)
> ==7895==    by 0x1A0D01: do_one_cmd (ex_docmd.c:2886)
> ==7895==    by 0x1A0D01: do_cmdline (ex_docmd.c:1040)
> ==7895==    by 0x1BBDB0: apply_autocmds_group (fileio.c:9690)
> ==7895==    by 0x1BC6F3: apply_autocmds (fileio.c:9203)
> ==7895==    by 0x24BDA3: ex_cbuffer (quickfix.c:6275)
> ==7895==    by 0x1A0D01: do_one_cmd (ex_docmd.c:2886)
> ==7895==    by 0x1A0D01: do_cmdline (ex_docmd.c:1040)
> ==7895==    by 0x31AE2F: exe_commands (main.c:2937)
> ==7895==    by 0x31AE2F: vim_main2 (main.c:812)
> ==7895==    by 0x139B0C: main (main.c:443)
> ==7895==  Block was alloc'd at
> ==7895==    at 0x4C2FBF6: malloc (vg_replace_malloc.c:299)
> ==7895==    by 0x1FFD30: lalloc (misc2.c:976)
> ==7895==    by 0x2430BD: ll_new_list (quickfix.c:1816)
> ==7895==    by 0x243D9C: ll_get_or_alloc_list (quickfix.c:1844)
> ==7895==    by 0x24BAE6: ex_cbuffer (quickfix.c:6233)
> ==7895==    by 0x1A0D01: do_one_cmd (ex_docmd.c:2886)
> ==7895==    by 0x1A0D01: do_cmdline (ex_docmd.c:1040)
> ==7895==    by 0x31AE2F: exe_commands (main.c:2937)
> ==7895==    by 0x31AE2F: vim_main2 (main.c:812)
> ==7895==    by 0x139B0C: main (main.c:443)
>
> Doing bwipe inside an autocommand is asking for
> trouble, but perhaps avoid the crash anyway.

Yes, that's a nasty autocommand, but Vim should not crash.
I'll make a fix.

-- 
ERROR 047: Keyboard not found.  Press RETURN to continue.

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org  ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
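The Valgrind trace above shows the classic "callback frees the owner" use-after-free: ex_cbuffer allocates the window's quickfix list, runs autocommands, and the `bw` autocommand closes the window (win_close -> win_free -> qf_free_all), after which qf_jump reads through the pointer ex_cbuffer still holds. The following is an added, self-contained C sketch of that control flow and of the usual mitigation (hold a stable handle across anything that runs user code and re-resolve it afterwards). It is not Vim code and is not Bram's fix; the types, the window registry and the two autocommand stand-ins are constructed for illustration, with names loosely modelled on the functions in the trace.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed toy model of the trace above, not Vim's own data structures:
 * a window owns a quickfix-style list; filling it runs an autocommand hook;
 * a hook that wipes the buffer closes the window and frees the list. */

#define MAX_WIN 4

typedef struct {
    int qf_count;   /* number of entries in the list */
    int qf_index;   /* current entry, what the jump step reads */
} qf_list_T;

typedef struct {
    int        w_id;  /* stable handle, 0 = slot unused */
    qf_list_T *w_qi;  /* owned quickfix list, freed with the window */
} win_T;

static win_T windows[MAX_WIN];
static int   next_win_id = 1;

/* Create a window; returns its handle, or 0 if no slot is free. */
int win_new(void)
{
    for (int i = 0; i < MAX_WIN; i++) {
        if (windows[i].w_id == 0) {
            windows[i].w_id = next_win_id++;
            windows[i].w_qi = NULL;
            return windows[i].w_id;
        }
    }
    return 0;
}

/* Resolve a handle to a window; NULL once the window has been closed.
 * This lookup is what the hardened path relies on after the hook. */
win_T *win_find(int id)
{
    for (int i = 0; i < MAX_WIN; i++)
        if (id != 0 && windows[i].w_id == id)
            return &windows[i];
    return NULL;
}

/* Models win_close -> win_free -> qf_free_all: the list goes away. */
void win_close(win_T *wp)
{
    free(wp->w_qi);
    wp->w_qi = NULL;
    wp->w_id = 0;
}

/* Models ll_get_or_alloc_list: (re)initialise the window's list. */
static qf_list_T *qf_get_or_alloc(win_T *wp, int count)
{
    if (wp->w_qi == NULL) {
        wp->w_qi = calloc(1, sizeof *wp->w_qi);
        if (wp->w_qi == NULL)
            abort();
    }
    wp->w_qi->qf_count = count;
    wp->w_qi->qf_index = 1;
    return wp->w_qi;
}

/* Autocommand stand-in: receives the window the command ran in. */
typedef void (*autocmd_T)(win_T *wp);

void au_benign(win_T *wp) { (void)wp; }        /* harmless autocommand */
void au_bwipe(win_T *wp)  { win_close(wp); }    /* models 'au * * bw'   */

/* Vulnerable shape: caches the list pointer across the hook, then reads
 * through it. With au_bwipe this is exactly the invalid read Valgrind
 * flags (the jump reading a block freed by the close). It is deliberately
 * never called with au_bwipe here, because that would be a real UAF. */
int cbuffer_vuln(win_T *wp, int count, autocmd_T hook)
{
    qf_list_T *qi = qf_get_or_alloc(wp, count);
    hook(wp);               /* may free qi behind our back */
    return qi->qf_index;    /* reads through a possibly dangling pointer */
}

/* Hardened shape: carry a handle, not a raw pointer, across user code and
 * re-resolve it afterwards. Returns -1 if the window (and with it the
 * list) no longer exists, instead of touching freed memory. */
int cbuffer_safe(int win_id, int count, autocmd_T hook)
{
    win_T *wp = win_find(win_id);
    if (wp == NULL)
        return -1;
    qf_get_or_alloc(wp, count);
    hook(wp);
    wp = win_find(win_id);              /* re-validate after the hook */
    if (wp == NULL || wp->w_qi == NULL)
        return -1;
    return wp->w_qi->qf_index;
}

int main(void)
{
    int id = win_new();
    printf("benign autocmd: %d\n", cbuffer_safe(id, 3, au_benign));
    printf("bwipe autocmd:  %d\n", cbuffer_safe(id, 3, au_bwipe));
    return 0;
}
```

The same pattern applies to any interpreter or editor that fires user-controlled hooks mid-operation: every pointer held across the hook is suspect, so either re-look-up by a stable identifier (as above), bump and compare a generation counter, or defer the destructive action until the caller has finished with the object.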
