[vim/vim] :compiler segmentation fault (#5594)


Daniel Steinberg

Feb 7, 2020, 7:55:39 PM
to vim/vim, Subscribed

Description

Running the :compiler command causes a segmentation fault.

To Reproduce

Detailed steps to reproduce the behavior:

  1. Run vim --clean
  2. Enter :compiler gcc
  3. Vim crashes with a segmentation fault

Expected behavior

Vim will continue operating with the specified compiler settings.

Environment

  • Vim version 8.2.200
  • OS: macOS 10.15.3
  • Terminal: Terminal.app

Additional context
This also happens with Vim 8.2.230 on Ubuntu 18.04.3

Tony Mechelynck

Feb 8, 2020, 2:29:27 AM
to vim/vim, Subscribed

I confirm the problem.

In gvim 8.2.230 (Big) with GTK2 GUI on openSUSE Leap 15.1,

:new
:compiler gcc

is enough to kill Vim.

Best regards,
Tony.

Dominique Pellé

Feb 8, 2020, 3:27:26 AM
to vim/vim, Subscribed

Using vim-8.2.230, I can also reproduce it with:

$ vim --clean -c 'compiler gcc'
Vim: Caught deadly signal SEGV
                              Vim: Finished

Running with asan:

=================================================================
==16205==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60e0000003a0 at pc 0x557f9ae75517 bp 0x7ffce16cff20 sp 0x7ffce16cff10
READ of size 8 at 0x60e0000003a0 thread T0
    #0 0x557f9ae75516 in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2499
    #1 0x557f9ae6c3c3 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:978
    #2 0x557f9b29bd36 in do_ucmd /home/pel/sb/vim/src/usercmd.c:1653
    #3 0x557f9ae752cb in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2483
    #4 0x557f9ae6c3c3 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:978
    #5 0x557f9b1637fe in do_source /home/pel/sb/vim/src/scriptfile.c:1362
    #6 0x557f9b15e392 in source_callback /home/pel/sb/vim/src/scriptfile.c:187
    #7 0x557f9b15e984 in do_in_path /home/pel/sb/vim/src/scriptfile.c:292
    #8 0x557f9b15edc3 in do_in_path_and_pp /home/pel/sb/vim/src/scriptfile.c:352
    #9 0x557f9b15f05f in source_in_path /home/pel/sb/vim/src/scriptfile.c:411
    #10 0x557f9b15f025 in source_runtime /home/pel/sb/vim/src/scriptfile.c:402
    #11 0x557f9ae67cda in ex_compiler /home/pel/sb/vim/src/ex_cmds2.c:1249
    #12 0x557f9ae75396 in do_one_cmd /home/pel/sb/vim/src/ex_docmd.c:2491
    #13 0x557f9ae6c3c3 in do_cmdline /home/pel/sb/vim/src/ex_docmd.c:978
    #14 0x557f9ae6a8d7 in do_cmdline_cmd /home/pel/sb/vim/src/ex_docmd.c:589
    #15 0x557f9b404f6d in exe_commands /home/pel/sb/vim/src/main.c:3139
    #16 0x557f9b3fd129 in vim_main2 /home/pel/sb/vim/src/main.c:795
    #17 0x557f9b3fc73f in main /home/pel/sb/vim/src/main.c:444
    #18 0x7f63d5b67b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #19 0x557f9ad01cb9 in _start (/home/pel/sb/vim/src/vim+0x131cb9)

0x60e0000003a0 is located 32 bytes to the left of 160-byte region [0x60e0000003c0,0x60e000000460)
allocated by thread T0 here:
    #0 0x7f63da15af40 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef40)
    #1 0x557f9afca4b5 in ga_grow /home/pel/sb/vim/src/misc2.c:2069
    #2 0x557f9b162fcd in do_source /home/pel/sb/vim/src/scriptfile.c:1292
    #3 0x557f9b40527a in source_startup_scripts /home/pel/sb/vim/src/main.c:3187
    #4 0x557f9b3fc73a in main /home/pel/sb/vim/src/main.c:432
    #5 0x7f63d5b67b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/pel/sb/vim/src/ex_docmd.c:2499 in do_one_cmd
Shadow bytes around the buggy address:
  0x0c1c7fff8020: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c1c7fff8030: 00 00 00 00 00 00 04 fa fa fa fa fa fa fa fa fa
  0x0c1c7fff8040: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1c7fff8050: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c1c7fff8060: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c1c7fff8070: fa fa fa fa[fa]fa fa fa 00 00 00 00 00 00 00 00
  0x0c1c7fff8080: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
  0x0c1c7fff8090: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1c7fff80a0: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c1c7fff80b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c1c7fff80c0: fd fd fd fd fa fa fa fa fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==16205==ABORTING

ex_docmd.c:2499:

  2496 #ifdef FEAT_EVAL
  2497     // Set flag that any command was executed, used by ex_vim9script().
  2498     if (getline_equal(ea.getline, ea.cookie, getsourceline))
!!2499         SCRIPT_ITEM(current_sctx.sc_sid)->sn_had_command = TRUE;

John Little

Feb 8, 2020, 5:54:13 AM
to vim_dev
git says

21b9e9773d64de40994f8762173bdd8befa6acf7 is the first bad commit

Date:   Sun Jan 26 19:26:46 2020 +0100
patch 8.2.0154: reallocating the list of scripts is inefficient
Problem:    Reallocating the list of scripts is inefficient.
Solution:   Instead of using a growarray of scriptitem_T, store pointers and
allocate each scriptitem_T separately.  Also avoids that the
growarray pointers change when sourcing a new script.

HTH, John Little
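An added example, not Vim's code and not from anyone in this thread, that ties the AddressSanitizer report in Dominique's message to the bisect result above. It does two things: it turns ASan's numbers (an 8-byte READ located 32 bytes to the left of the 160-byte region that ga_grow allocated) into the slot of a pointer array the access landed on, and it shows a range-checked accessor for a list of separately allocated items, the layout patch 8.2.0154 introduced. The one-based "id minus one" lookup is an assumption about the shape of SCRIPT_ITEM (its definition is not on the page), and script_item, script_list, script_item_get, mark_had_command, asan_left_offset_to_slot and slot_to_one_based_id are all hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for Vim's scriptitem_T (not Vim's definition):
 * a name plus the flag that the line at ex_docmd.c:2499 sets. */
typedef struct {
    char name[32];
    int  sn_had_command;
} script_item;

/* Hypothetical stand-in for the list after patch 8.2.0154: an array of
 * pointers to separately allocated items, so one slot is
 * sizeof(script_item *), 8 bytes on LP64. */
typedef struct {
    script_item **ga_data;
    int ga_len;
} script_list;

/* Unchecked one-based lookup (assumed shape of SCRIPT_ITEM; not used below
 * because any id < 1 reads before ga_data, which ASan reports as a read to
 * the left of the heap region, exactly as in the trace). */
#define SCRIPT_ITEM_UNCHECKED(list, id) ((list)->ga_data[(id) - 1])

/* Checked lookup: NULL unless 1 <= id <= ga_len. */
static script_item *script_item_get(const script_list *list, int id)
{
    if (list == NULL || id < 1 || id > list->ga_len)
        return NULL;
    return list->ga_data[id - 1];
}

/* Translate ASan's "N bytes to the left of region" into the slot of a
 * pointer array the access hit: slot = -(N / slot_size). */
static int asan_left_offset_to_slot(size_t bytes_left, size_t slot_size)
{
    if (slot_size == 0)
        return 0;
    return -(int)(bytes_left / slot_size);
}

/* For a one-based id scheme the id is the slot plus one. */
static int slot_to_one_based_id(int slot)
{
    return slot + 1;
}

/* Build a list of n named items (constructed test data). */
static script_list *script_list_new(int n)
{
    script_list *list = calloc(1, sizeof *list);
    if (list == NULL)
        return NULL;
    list->ga_data = calloc((size_t)n, sizeof *list->ga_data);
    if (list->ga_data == NULL) {
        free(list);
        return NULL;
    }
    for (int i = 0; i < n; i++) {
        script_item *it = calloc(1, sizeof *it);
        if (it == NULL) {
            for (int j = 0; j < i; j++)
                free(list->ga_data[j]);
            free(list->ga_data);
            free(list);
            return NULL;
        }
        snprintf(it->name, sizeof it->name, "script%d.vim", i + 1);
        list->ga_data[i] = it;
    }
    list->ga_len = n;
    return list;
}

static void script_list_free(script_list *list)
{
    if (list == NULL)
        return;
    for (int i = 0; i < list->ga_len; i++)
        free(list->ga_data[i]);
    free(list->ga_data);
    free(list);
}

/* What the crashing line does, routed through the checked accessor:
 * returns 1 if the flag was set, 0 if the id was out of range. */
static int mark_had_command(script_list *list, int id)
{
    script_item *it = script_item_get(list, id);
    if (it == NULL)
        return 0;
    it->sn_had_command = 1;
    return 1;
}

int main(void)
{
    int slot = asan_left_offset_to_slot(32, sizeof(script_item *));
    printf("8-byte read 32 bytes left of the region: slot %d, one-based id %d\n",
           slot, slot_to_one_based_id(slot));

    script_list *list = script_list_new(3);
    if (list == NULL)
        return 1;
    printf("id 2 accepted: %d\n", mark_had_command(list, 2));
    printf("id 0 rejected: %d\n", mark_had_command(list, 0));
    printf("id -3 rejected: %d\n", mark_had_command(list, -3));
    printf("id 4 rejected: %d\n", mark_had_command(list, 4));
    script_list_free(list);
    return 0;
}
```

The arithmetic is the useful part when reading such a report: with 8-byte slots, 32 bytes to the left of the region is slot -4, which under a one-based lookup is id -3, so the value in sc_sid at the time of the read was not a valid script index. Whatever the exact Vim fix does, the defensive shape is the same as script_item_get: validate the id against the list length before dereferencing a pointer slot.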

lacygoill

Feb 10, 2020, 4:21:19 AM
to vim/vim, Subscribed

I think this is fixed by 1653155.

K.Takata

Feb 10, 2020, 4:41:46 AM
to vim/vim, Subscribed

Closed #5594.