[vim/vim] handle_osc() causes a crash on MS-Windows (Issue #18450)


Christian Brabandt

7:03 AM (13 hours ago)
chrisbra created an issue (vim/vim#18450)

Steps to reproduce

I see a crash when running test_popup.vim on the vim-win32-installer repo: https://ci.appveyor.com/project/chrisbra/vim-win32-installer/build/job/5bmf5vkc2if9scuq#L1155

I ran this locally on my Windows machine and was able to get the following stack trace when executing the function Test_complete_func_mess().


gvimd.exe!handle_osc(unsigned char * tp, int len, unsigned char * key_name, int * slen) Zeile 5934
	unter c:\Users\Christian Brabandt\code\vim\src\term.c (5934)
gvimd.exe!check_termcode(int max_offset, unsigned char * buf, int bufsize, int * buflen) Zeile 6451
	unter c:\Users\Christian Brabandt\code\vim\src\term.c (6451)
gvimd.exe!handle_mapping(int * keylenp, int * timedout, int * mapdepth) Zeile 3101
	unter c:\Users\Christian Brabandt\code\vim\src\getchar.c (3101)
gvimd.exe!vgetorpeek(int advance) Zeile 3577
	unter c:\Users\Christian Brabandt\code\vim\src\getchar.c (3577)
gvimd.exe!vpeekc() Zeile 2336
	unter c:\Users\Christian Brabandt\code\vim\src\getchar.c (2336)
gvimd.exe!insertchar(int c, int flags, int second_indent) Zeile 2271
	unter c:\Users\Christian Brabandt\code\vim\src\edit.c (2271)
gvimd.exe!insert_special(int c, int allow_modmask, int ctrlv) Zeile 2100
	unter c:\Users\Christian Brabandt\code\vim\src\edit.c (2100)
gvimd.exe!edit(int cmdchar, int startln, long count) Zeile 1409
	unter c:\Users\Christian Brabandt\code\vim\src\edit.c (1409)
gvimd.exe!invoke_edit(cmdarg_S * cap, int repl, int cmd, int startln) Zeile 7139
	unter c:\Users\Christian Brabandt\code\vim\src\normal.c (7139)
gvimd.exe!nv_edit(cmdarg_S * cap) Zeile 7105
	unter c:\Users\Christian Brabandt\code\vim\src\normal.c (7105)
gvimd.exe!normal_cmd(oparg_S * oap, int toplevel) Zeile 958
	unter c:\Users\Christian Brabandt\code\vim\src\normal.c (958)
gvimd.exe!exec_normal(int was_typed, int use_vpeekc, int may_use_terminal_loop) Zeile 9436
	unter c:\Users\Christian Brabandt\code\vim\src\ex_docmd.c (9436)
gvimd.exe!f_feedkeys(typval_S * argvars, typval_S * rettv) Zeile 5154
	unter c:\Users\Christian Brabandt\code\vim\src\evalfunc.c (5154)
gvimd.exe!call_internal_func(unsigned char * name, int argcount, typval_S * argvars, typval_S * rettv) Zeile 3498
	unter c:\Users\Christian Brabandt\code\vim\src\evalfunc.c (3498)
gvimd.exe!call_func(unsigned char * funcname, int len, typval_S * rettv, int argcount_in, typval_S * argvars_in, funcexe_T * funcexe) Zeile 4176
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (4176)
gvimd.exe!get_func_tv(unsigned char * name, int len, typval_S * rettv, unsigned char * * arg, evalarg_T * evalarg, funcexe_T * funcexe) Zeile 2190
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (2190)
gvimd.exe!ex_call_inner(exarg * eap, unsigned char * name, unsigned char * * arg, unsigned char * startarg, funcexe_T * funcexe_init, evalarg_T * evalarg) Zeile 6510
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (6510)
gvimd.exe!ex_call(exarg * eap) Zeile 6868
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (6868)
gvimd.exe!do_one_cmd(unsigned char * * cmdlinep, int flags, cstack_T * cstack, unsigned char *(*)(int, void *, int, getline_opt_T) fgetline, void * cookie) Zeile 2630
	unter c:\Users\Christian Brabandt\code\vim\src\ex_docmd.c (2630)
gvimd.exe!do_cmdline(unsigned char * cmdline, unsigned char *(*)(int, void *, int, getline_opt_T) fgetline, void * cookie, int flags) Zeile 1041
	unter c:\Users\Christian Brabandt\code\vim\src\ex_docmd.c (1041)
gvimd.exe!do_cmdline_cmd(unsigned char * cmd) Zeile 637
	unter c:\Users\Christian Brabandt\code\vim\src\ex_docmd.c (637)
gvimd.exe!f_assert_fails(typval_S * argvars, typval_S * rettv) Zeile 627
	unter c:\Users\Christian Brabandt\code\vim\src\testing.c (627)
gvimd.exe!call_internal_func(unsigned char * name, int argcount, typval_S * argvars, typval_S * rettv) Zeile 3498
	unter c:\Users\Christian Brabandt\code\vim\src\evalfunc.c (3498)
gvimd.exe!call_func(unsigned char * funcname, int len, typval_S * rettv, int argcount_in, typval_S * argvars_in, funcexe_T * funcexe) Zeile 4176
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (4176)
gvimd.exe!get_func_tv(unsigned char * name, int len, typval_S * rettv, unsigned char * * arg, evalarg_T * evalarg, funcexe_T * funcexe) Zeile 2190
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (2190)
gvimd.exe!ex_call_inner(exarg * eap, unsigned char * name, unsigned char * * arg, unsigned char * startarg, funcexe_T * funcexe_init, evalarg_T * evalarg) Zeile 6510
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (6510)
gvimd.exe!ex_call(exarg * eap) Zeile 6868
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (6868)
gvimd.exe!do_one_cmd(unsigned char * * cmdlinep, int flags, cstack_T * cstack, unsigned char *(*)(int, void *, int, getline_opt_T) fgetline, void * cookie) Zeile 2630
	unter c:\Users\Christian Brabandt\code\vim\src\ex_docmd.c (2630)
gvimd.exe!do_cmdline(unsigned char * cmdline, unsigned char *(*)(int, void *, int, getline_opt_T) fgetline, void * cookie, int flags) Zeile 1041
	unter c:\Users\Christian Brabandt\code\vim\src\ex_docmd.c (1041)
gvimd.exe!call_user_func(ufunc_S * fp, int argcount, typval_S * argvars, typval_S * rettv, funcexe_T * funcexe, dictvar_S * selfdict) Zeile 3312
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (3312)
gvimd.exe!call_user_func_check(ufunc_S * fp, int argcount, typval_S * argvars, typval_S * rettv, funcexe_T * funcexe, dictvar_S * selfdict) Zeile 3485
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (3485)
gvimd.exe!call_func(unsigned char * funcname, int len, typval_S * rettv, int argcount_in, typval_S * argvars_in, funcexe_T * funcexe) Zeile 4158
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (4158)
gvimd.exe!get_func_tv(unsigned char * name, int len, typval_S * rettv, unsigned char * * arg, evalarg_T * evalarg, funcexe_T * funcexe) Zeile 2190
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (2190)
gvimd.exe!ex_call_inner(exarg * eap, unsigned char * name, unsigned char * * arg, unsigned char * startarg, funcexe_T * funcexe_init, evalarg_T * evalarg) Zeile 6510
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (6510)
gvimd.exe!ex_call(exarg * eap) Zeile 6868
	unter c:\Users\Christian Brabandt\code\vim\src\userfunc.c (6868)
gvimd.exe!do_one_cmd(unsigned char * * cmdlinep, int flags, cstack_T * cstack, unsigned char *(*)(int, void *, int, getline_opt_T) fgetline, void * cookie) Zeile 2630
	unter c:\Users\Christian Brabandt\code\vim\src\ex_docmd.c (2630)
gvimd.exe!do_cmdline(unsigned char * cmdline, unsigned char *(*)(int, void *, int, getline_opt_T) fgetline, void * cookie, int flags) Zeile 1041
	unter c:\Users\Christian Brabandt\code\vim\src\ex_docmd.c (1041)
gvimd.exe!nv_colon(cmdarg_S * cap) Zeile 3170
	unter c:\Users\Christian Brabandt\code\vim\src\normal.c (3170)
gvimd.exe!normal_cmd(oparg_S * oap, int toplevel) Zeile 958
	unter c:\Users\Christian Brabandt\code\vim\src\normal.c (958)
gvimd.exe!main_loop(int cmdwin, int noexmode) Zeile 1635
	unter c:\Users\Christian Brabandt\code\vim\src\main.c (1635)
gvimd.exe!vim_main2() Zeile 977
	unter c:\Users\Christian Brabandt\code\vim\src\main.c (977)
gvimd.exe!VimMain(int argc, char * * argv) Zeile 448
	unter c:\Users\Christian Brabandt\code\vim\src\main.c (448)
gvimd.exe!wWinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInst, wchar_t * lpszCmdLine, int nCmdShow) Zeile 40
	unter c:\Users\Christian Brabandt\code\vim\src\os_w32exe.c (40)
[Externer Code]

and

osc_state	{processing=858861874 start_char=72 'H' buf={ga_len=892416636 ga_maxlen=1768712242 ga_itemsize=538994030 ...} ...}	oscstate_T

It seems like osc_state is not correctly initialized? But I'm not sure whether we should actually run into this case on MS-Windows.

Any idea @64-bitman ?

Expected behaviour

see above

Version of Vim

v9.1.1813

Environment

Windows 11

Logs and stack traces



Foxe Chen

8:19 AM (11 hours ago)
64-bitman left a comment (vim/vim#18450)

Does this patch fix it?

diff --git a/src/term.c b/src/term.c
index 0fa5652b3..be5a7c310 100644
--- a/src/term.c
+++ b/src/term.c
@@ -5930,8 +5930,10 @@ handle_osc(char_u *tp, int len, char_u *key_name, int *slen)
 	osc_state.start_char = tp[0];
 	last_char = 0;
     }
-    else
+    else if (osc_state.buf.ga_len > 0)
 	last_char = ((char_u *)osc_state.buf.ga_data)[osc_state.buf.ga_len - 1];
+    else
+	last_char = 0;
 
     key_name[0] = (int)KS_EXTRA;
     key_name[1] = (int)KE_IGNORE;
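Review bot: the `else if (osc_state.buf.ga_len > 0)` guard only covers the empty-buffer case, but the debugger dump in the report shows osc_state.buf with ga_len=892416636 and ga_maxlen=1768712242, values that look like uninitialised or overwritten memory rather than an empty growarray; with such a ga_len the new condition is satisfied and the read of `((char_u *)osc_state.buf.ga_data)[osc_state.buf.ga_len - 1]` is still out of bounds. Suggest first establishing how osc_state gets into that state (whether it is ever initialised on MS-Windows, or whether something writes past an adjacent buffer before handle_osc() runs), and if a defensive check is wanted here, also verifying that ga_data is non-NULL and that ga_len does not exceed ga_maxlen before indexing.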



Christian Brabandt

3:56 PM (4 hours ago)
chrisbra left a comment (vim/vim#18450)

That is not the problem: out_pos() overflows and makes osc_state invalid. I'll revert that patch.



Christian Brabandt

4:03 PM (4 hours ago)

Closed #18450 as completed via 4403c67.


