Crash within the last 8 or so patches


Christian J. Robinson

Jan 17, 2022, 5:20:11 PM
to vim_dev
I can't localize it but I'm getting crashes using the latest Vim; the crash isn't happening consistently.

--
Christian J. Robinson <hep...@gmail.com>

Dominique Pellé

Jan 17, 2022, 6:16:24 PM
to vim_dev
Christian J. Robinson wrote:

> I can't localize it but I'm getting crashes using the latest Vim; the crash isn't happening consistently.

Are you able to reproduce with an asan build? (address sanitizer).

It should be a matter of uncommenting these lines in vim/src/Makefile
then "make clean ; make -j8":

SANITIZER_CFLAGS = -g -O0 -fsanitize-recover=all \
-fsanitize=address -fsanitize=undefined \
-fno-omit-frame-pointer

Then try to reproduce the bug. If asan finds memory issues,
it will output useful information on stderr, so it may be useful
to redirect stderr with: vim 2> asan.log

Regards
Dominique

Christian J. Robinson

Jan 17, 2022, 6:51:02 PM
to vim_dev
Unfortunately no, as I'm building under cygwin, but I was able to get a gdb backtrace:

#0  0x0000000100716a4e in skipwhite (q=0x9 <error: Cannot access memory at address 0x9>) at charset.c:1474
#1  0x000000010045dfed in eval0_retarg (arg=0x800cf2c56 "b:htmlplugin.internal_template->functions.ConvertCase()", rettv=0xffff8420, eap=0xffff85e0, evalarg=0xffff8380, retarg=0x0) at eval.c:2326
#2  0x000000010045df50 in eval0 (arg=0x800cf2c56 "b:htmlplugin.internal_template->functions.ConvertCase()", rettv=0xffff8420, eap=0xffff85e0, evalarg=0xffff8380) at eval.c:2299
#3  0x00000001004778e8 in ex_let (eap=0xffff85e0) at evalvars.c:901
#4  0x000000010047712e in ex_var (eap=0xffff85e0) at evalvars.c:718
#5  0x0000000100491bbd in do_one_cmd (cmdlinep=0xffff8e18, flags=7, cstack=0xffff87e0, fgetline=0x1005cbd19 <getsourceline>, cookie=0xffff8f60) at ex_docmd.c:2573
#6  0x000000010048eae3 in do_cmdline (cmdline=0x800c4ca90 "vim9script", fgetline=0x1005cbd19 <getsourceline>, cookie=0xffff8f60, flags=7) at ex_docmd.c:993
#7  0x00000001005cb37d in do_source (fname=0x800c3fb20 "/home/Heptite/.vim/pack/cjr/start/HTML/ftplugin/html/HTML.vim", check_other=0, is_vimrc=0, ret_sid=0x0) at scriptfile.c:1512
#8  0x00000001005c8b39 in source_callback (fname=0x800c3fb20 "/home/Heptite/.vim/pack/cjr/start/HTML/ftplugin/html/HTML.vim", cookie=0x0) at scriptfile.c:239
#9  0x00000001005c9080 in do_in_path (
    path=0x8003acfe0 "/home/Heptite/.vim,/home/Heptite/.vim/pack/tpope/start/vim-surround,/home/Heptite/.vim/pack/tpope/start/vim-repeat,/home/Heptite/.vim/pack/tpope/start/vim-fugitive,/home/Heptite/.vim/pack/skywind/star"...,
    name=0x800c1f589 "ftplugin/html.vim ftplugin/html_*.vim ftplugin/html/*.vim", flags=1, callback=0x1005c8b0e <source_callback>, cookie=0x0) at scriptfile.c:442
#10 0x00000001005c9220 in do_in_path_and_pp (
    path=0x8003acfe0 "/home/Heptite/.vim,/home/Heptite/.vim/pack/tpope/start/vim-surround,/home/Heptite/.vim/pack/tpope/start/vim-repeat,/home/Heptite/.vim/pack/tpope/start/vim-fugitive,/home/Heptite/.vim/pack/skywind/star"...,
    name=0x800c1f589 "ftplugin/html.vim ftplugin/html_*.vim ftplugin/html/*.vim", flags=1, callback=0x1005c8b0e <source_callback>, cookie=0x0) at scriptfile.c:502
#11 0x00000001005c945a in source_in_path (
    path=0x8003acfe0 "/home/Heptite/.vim,/home/Heptite/.vim/pack/tpope/start/vim-surround,/home/Heptite/.vim/pack/tpope/start/vim-repeat,/home/Heptite/.vim/pack/tpope/start/vim-fugitive,/home/Heptite/.vim/pack/skywind/star"...,
    name=0x800c1f589 "ftplugin/html.vim ftplugin/html_*.vim ftplugin/html/*.vim", flags=1, ret_sid=0x0) at scriptfile.c:562
#12 0x00000001005c9416 in source_runtime (name=0x800c1f589 "ftplugin/html.vim ftplugin/html_*.vim ftplugin/html/*.vim", flags=1) at scriptfile.c:552
#13 0x00000001005c8b07 in ex_runtime (eap=0xffff9370) at scriptfile.c:233
#14 0x0000000100491bbd in do_one_cmd (cmdlinep=0xffff9ba8, flags=3, cstack=0xffff9570, fgetline=0x10048f863 <get_loop_line>, cookie=0xffff9fc0) at ex_docmd.c:2573
#15 0x000000010048eae3 in do_cmdline (cmdline=0x800c1f5d0 "runtime! ftplugin/html.vim ftplugin/html_*.vim ftplugin/html/*.vim", fgetline=0x10048f863 <get_loop_line>, cookie=0xffff9fc0, flags=3) at ex_docmd.c:993
#16 0x0000000100465850 in ex_execute (eap=0xffff9e50) at eval.c:6463
#17 0x0000000100491bbd in do_one_cmd (cmdlinep=0xffffa688, flags=7, cstack=0xffffa050, fgetline=0x10048f863 <get_loop_line>, cookie=0xffff9fc0) at ex_docmd.c:2573
#18 0x000000010048eae3 in do_cmdline (cmdline=0x0, fgetline=0x100663461 <get_func_line>, cookie=0x800c3eb10, flags=7) at ex_docmd.c:993
#19 0x000000010065d8a0 in call_user_func (fp=0x800339ca0, argcount=0, argvars=0xffffaf30, rettv=0xffffb200, funcexe=0xffffb0f0, selfdict=0x0) at userfunc.c:2789
#20 0x000000010065deb3 in call_user_func_check (fp=0x800339ca0, argcount=0, argvars=0xffffaf30, rettv=0xffffb200, funcexe=0xffffb0f0, selfdict=0x0) at userfunc.c:2936
#21 0x000000010065edfd in call_func (funcname=0x800c40160 "\200\375R5_LoadFTPlugin", len=-1, rettv=0xffffb200, argcount_in=0, argvars_in=0xffffaf30, funcexe=0xffffb0f0) at userfunc.c:3483
#22 0x000000010065b4bd in get_func_tv (name=0x800c40160 "\200\375R5_LoadFTPlugin", len=-1, rettv=0xffffb200, arg=0xffffb220, evalarg=0xffffb150, funcexe=0xffffb0f0) at userfunc.c:1773
#23 0x0000000100662f7c in ex_call (eap=0xffffb380) at userfunc.c:5260
#24 0x0000000100491bbd in do_one_cmd (cmdlinep=0xffffbbb8, flags=7, cstack=0xffffb580, fgetline=0x100408930 <getnextac>, cookie=0xffffbd00) at ex_docmd.c:2573
#25 0x000000010048eae3 in do_cmdline (cmdline=0x0, fgetline=0x100408930 <getnextac>, cookie=0xffffbd00, flags=7) at ex_docmd.c:993
#26 0x000000010040828a in apply_autocmds_group (event=EVENT_FILETYPE, fname=0x800c1f720 "html", fname_io=0x0, force=1, group=-3, buf=0x800084470, eap=0x0) at autocmd.c:2188
#27 0x0000000100407836 in apply_autocmds (event=EVENT_FILETYPE, fname=0x800bfc980 "html", fname_io=0x0, force=1, buf=0x800084470) at autocmd.c:1682
#28 0x000000010055949c in did_set_string_option (opt_idx=opt_idx@entry=106, varp=varp@entry=0x800086028, new_value_alloced=<optimized out>, new_value_alloced@entry=1, oldval=0x8000878b0 "html", errbuf=errbuf@entry=0x0,
    opt_flags=opt_flags@entry=4, value_checked=value_checked@entry=0xffffc034) at optionstr.c:2568
#29 0x000000010055c6c7 in set_string_option (opt_idx=106, value=<optimized out>, opt_flags=4) at optionstr.c:544
#30 0x000000010049ebb5 in ex_setfiletype (eap=0xffffc1f0) at ex_docmd.c:9442
#31 0x0000000100491bbd in do_one_cmd (cmdlinep=0xffffca28, flags=11, cstack=0xffffc3f0, fgetline=0x0, cookie=0x0) at ex_docmd.c:2573
#32 0x000000010048eae3 in do_cmdline (cmdline=0x80004a830 "setf html", fgetline=0x0, cookie=0x0, flags=11) at ex_docmd.c:993
#33 0x000000010048df14 in do_cmdline_cmd (cmd=0x80004a830 "setf html") at ex_docmd.c:587
#34 0x000000010071e597 in exe_commands (parmp=0x1007e9040 <params>) at main.c:3091
#35 0x000000010071aea5 in vim_main2 () at main.c:774
#36 0x000000010071a700 in main (argc=3, argv=0xffffcc30) at main.c:426


Dominique Pellé

Jan 18, 2022, 3:34:33 AM
to vim_dev
Christian J. Robinson wrote:

> Unfortunately no, as I'm building under cygwin, but I was able to get a gdb backtrace:
>
> #0 0x0000000100716a4e in skipwhite (q=0x9 <error: Cannot access memory at address 0x9>) at charset.c:1474
> #1 0x000000010045dfed in eval0_retarg (arg=0x800cf2c56 "b:htmlplugin.internal_template->functions.ConvertCase()", rettv=0xffff8420, eap=0xffff85e0, evalarg=0xffff8380, retarg=0x0) at eval.c:2326
> #2 0x000000010045df50 in eval0 (arg=0x800cf2c56 "b:htmlplugin.internal_template->functions.ConvertCase()", rettv=0xffff8420, eap=0xffff85e0, evalarg=0xffff8380) at eval.c:2299
> #3 0x00000001004778e8 in ex_let (eap=0xffff85e0) at evalvars.c:901
> #4 0x000000010047712e in ex_var (eap=0xffff85e0) at evalvars.c:718
> #5 0x0000000100491bbd in do_one_cmd (cmdlinep=0xffff8e18, flags=7, cstack=0xffff87e0, fgetline=0x1005cbd19 <getsourceline>, cookie=0xffff8f60) at ex_docmd.c:2573
> #6 0x000000010048eae3 in do_cmdline (cmdline=0x800c4ca90 "vim9script", fgetline=0x1005cbd19 <getsourceline>, cookie=0xffff8f60, flags=7) at ex_docmd.c:993
> #7 0x00000001005cb37d in do_source (fname=0x800c3fb20 "/home/Heptite/.vim/pack/cjr/start/HTML/ftplugin/html/HTML.vim", check_other=0, is_vimrc=0, ret_sid=0x0) at scriptfile.c:1512
> #8 0x00000001005c8b39 in source_callback (fname=0x800c3fb20 "/home/Heptite/.vim/pack/cjr/start/HTML/ftplugin/html/HTML.vim", cookie=0x0) at scriptfile.c:239

In the stack, I see
"/home/Heptite/.vim/pack/cjr/start/HTML/ftplugin/html/HTML.vim".
Is this plugin available for others to try to reproduce the crash?

Regards
Dominique

Bram Moolenaar

Jan 18, 2022, 5:34:01 AM
to vim...@googlegroups.com, Christian J. Robinson

Christian J. Robinson wrote:

> Unfortunately no, as I'm building under cygwin, but I was able to get a gdb
> backtrace:
>
> #0 0x0000000100716a4e in skipwhite (q=0x9 <error: Cannot access memory at
> address 0x9>) at charset.c:1474
> #1 0x000000010045dfed in eval0_retarg (arg=0x800cf2c56
> "b:htmlplugin.internal_template->functions.ConvertCase()",
> rettv=0xffff8420, eap=0xffff85e0, evalarg=0xffff8380, retarg=0x0) at
> eval.c:2326

That is enough to see the cause of the problem, "0x9" indicates using a
NULL pointer with an offset. I'll make a fix.

--
Some say the world will end in fire; some say in segfaults.
I say it will end in a curly bracket.

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
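
Added example (not part of the thread and not Vim's code): a minimal C sketch of the pattern described in the last message, where a lookup that can return NULL has a small offset added before it is checked, so the faulting address is the offset itself (0x9 in the backtrace). The function names, the 4096-byte first-page threshold and the sample strings are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIRST_PAGE 4096u  /* assumption: the lowest page is never mapped */

/* Constructed stand-in for a whitespace skipper; dereferences its argument. */
static const char *skip_white(const char *p)
{
    while (*p == ' ' || *p == '\t')
        ++p;
    return p;
}

/* Address an unchecked "base + offset" would hand to skip_white().
 * Done in integer arithmetic so the example never forms NULL + n as a pointer. */
static uint64_t unchecked_address(const void *base, uint64_t offset)
{
    return (uint64_t)(uintptr_t)base + offset;
}

/* Triage heuristic: a fault address inside the first page is almost always
 * a NULL base plus a field or string offset, not a wild pointer. */
static int is_null_plus_offset(uint64_t fault_addr)
{
    return fault_addr < FIRST_PAGE;
}

/* Guarded form: test the lookup result before adding the offset. */
static const char *rest_after_arrow(const char *expr)
{
    const char *arrow = strstr(expr, "->");
    if (arrow == NULL)
        return NULL;                /* caller reports a parse error */
    return skip_white(arrow + 2);
}

int main(void)
{
    /* Constructed sample inputs */
    const char *r = rest_after_arrow("item.Method()");
    printf("NULL + 9 -> 0x%llx\n", (unsigned long long)unchecked_address(NULL, 9));
    printf("0x9 in first page: %d\n", is_null_plus_offset(0x9));
    printf("guarded ok:  %s\n", rest_after_arrow("item->  Method()"));
    printf("guarded bad: %s\n", r ? r : "(rejected before dereference)");
    return 0;
}
```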