> > Tracked down the specific test within a particular test file
> >
> >     $ make test_listlbr_utf8
> >     00:00 Executing Test_linebreak_with_list_and_tabs()
> >
> > This test has a checkered past
> >
> >     " this was causing a crash
> >     func Test_linebreak_with_list_and_tabs()
> >
> > While it's failing here, is there more info I can gather?
> >
> > =================================================================
> > ==1565972==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b000001e34 at pc 0x55ef60917392 bp 0x7ffd02091160 sp 0x7ffd02091150
> > WRITE of size 1 at 0x60b000001e34 thread T0
> >     #0 0x55ef60917391 in utf_char2bytes /src/tools/vim/src/mbyte.c:2262
> >     #1 0x55ef60573b67 in win_line /src/tools/vim/src/drawline.c:2824
> >     #2 0x55ef605a40e4 in win_update /src/tools/vim/src/draw
> [...]
> > 0x60b000001e34 is located 0 bytes to the right of 100-byte region [0x60b000001dd0,0x60b000001e34)
> > allocated by thread T0 here:
> >     #0 0x7fb1a06b4867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
> >     #1 0x55ef604023af in lalloc /src/tools/vim/src/alloc.c:246
> >     #2 0x55ef6040214e in alloc /src/tools/vim/src/alloc.c:151
> >     #3 0x55ef605736f7 in win_line /src/tools/vim/src/drawline.c:2802
> >     #4 0x55ef605a40e4 in win_update /src/tools/vim/src/drawscreen.c:2499
>
> This would mean that the line:
>
>     p = alloc(len + 1);
>
> in drawline.c, now at line 2814, does not allocate enough. "len" is
> computed from the size of w_lcs_chars.tab2, but it may also use
> wp->w_lcs_chars.tab3, perhaps it takes more bytes?
> Could change this line:
>
>     len = (tab_len * mb_char2len(wp->w_lcs_chars.tab2));
>
> into:
>
>     len = (tab_len * mb_char2len(wp->w_lcs_chars.tab2)
>             + mb_char2len(wp->w_lcs_chars.tab3));
>
> I cannot reproduce it, can you try this change?

One thing I had not thought of: this part of code is also executed when
tab_len is zero. Now that I computed the length correctly, it turned
zero (the second character takes two bytes, the third one byte,
resulting in length -1). Skipping the code when tab_len is zero may fix
the original problem as well.

-- 
You were lucky. We lived for three months in a brown paper bag in a
septic tank. We used to have to get up at six o'clock in the morning,
clean the bag, eat a crust of stale bread, go to work down mill for
fourteen hours a day week in-week out. When we got home, our Dad would
thrash us to sleep with his belt!

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
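
The sizing problem discussed in this thread, as an added example that is not part of the original messages and is not Vim's code. `utf8_len()` is a hypothetical stand-in for `mb_char2len()`, the code points are constructed, and the exact formula assumes tab3 replaces the last tab2 cell, which is consistent with the "length -1" result described above.

```c
#include <stdio.h>

/* Bytes needed to encode code point c as UTF-8 (hypothetical stand-in for mb_char2len()). */
static int utf8_len(unsigned c)
{
    if (c < 0x80) return 1;
    if (c < 0x800) return 2;
    if (c < 0x10000) return 3;
    return 4;
}

/* Sizing from the report: every cell is assumed to hold tab2. */
static int len_tab2_only(int tab_len, unsigned tab2)
{
    return tab_len * utf8_len(tab2);
}

/* Assumed exact sizing: tab3, when set, replaces the last tab2 cell.
 * No guard, so tab_len == 0 can produce a negative length. */
static int len_exact_unguarded(int tab_len, unsigned tab2, unsigned tab3)
{
    int len = tab_len * utf8_len(tab2);
    if (tab3 != 0)
        len += utf8_len(tab3) - utf8_len(tab2);
    return len;
}

/* Guarded variant: nothing is drawn, so nothing is sized, when tab_len is zero. */
static int len_exact(int tab_len, unsigned tab2, unsigned tab3)
{
    if (tab_len <= 0)
        return 0;
    return len_exact_unguarded(tab_len, tab2, tab3);
}

int main(void)
{
    /* Constructed case 1: tab2 '-' (1 byte), tab3 U+2192 (3 bytes), 4 cells. */
    printf("tab2-only: %d bytes, actually written: %d bytes\n",
           len_tab2_only(4, '-'), len_exact(4, '-', 0x2192));
    /* Constructed case 2: tab2 U+00E9 (2 bytes), tab3 '>' (1 byte), 0 cells. */
    printf("tab_len 0: unguarded %d, guarded %d\n",
           len_exact_unguarded(0, 0xE9, '>'), len_exact(0, 0xE9, '>'));
    return 0;
}
```

In the first case a buffer sized from tab2 alone is two bytes short of what gets written; in the second, the unguarded exact formula goes negative before any allocation happens.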
