Patch 8.2.0133


Bram Moolenaar

Jan 20, 2020, 2:23:13 PM
to vim...@googlegroups.com

Patch 8.2.0133
Problem: Invalid memory access with search command.
Solution: When :normal runs out of characters in bracketed paste mode break
out of the loop. (closes #5511)
Files: src/testdir/test_search.vim, src/edit.c


*** ../vim-8.2.0132/src/testdir/test_search.vim 2019-12-21 22:00:46.300138235 +0100
--- src/testdir/test_search.vim 2020-01-20 20:04:11.194839037 +0100
***************
*** 1449,1451 ****
--- 1449,1456 ----

bwipe!
endfunc
+
+ func Test_search_special()
+ " this was causing illegal memory access
+ exe "norm /\x80PS"
+ endfunc
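Review bot: Test_search_special does not exercise the crash path it is meant to guard; later in this thread the test passes while `./vim --clean -e -s -c 'exe "norm /\x80PS"'` still segfaults, and the author notes that explicitly resetting t_PE is what reproduces it. Set up t_PE in the test the same way so the `\x80PS` sequence actually reaches bracketed_paste, and mention #5511 in the comment so the regression test can be traced back to the report.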
*** ../vim-8.2.0132/src/edit.c 2020-01-09 21:35:44.912474257 +0100
--- src/edit.c 2020-01-20 20:16:52.791563389 +0100
***************
*** 4959,4967 ****
do
c = vgetc();
while (c == K_IGNORE || c == K_VER_SCROLLBAR || c == K_HOR_SCROLLBAR);
! if (c == NUL || got_int)
// When CTRL-C was encountered the typeahead will be flushed and we
! // won't get the end sequence.
break;

if (has_mbyte)
--- 4959,4967 ----
do
c = vgetc();
while (c == K_IGNORE || c == K_VER_SCROLLBAR || c == K_HOR_SCROLLBAR);
! if (c == NUL || got_int || (ex_normal_busy > 0 && c == Ctrl_C))
// When CTRL-C was encountered the typeahead will be flushed and we
! // won't get the end sequence. Except when using ":normal".
break;

if (has_mbyte)
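Review bot: the added `ex_normal_busy > 0 && c == Ctrl_C` condition only stops the vgetc() loop at lines 4959-4967, but the valgrind trace later in this thread places the invalid read of size 1 in strlen at edit.c:4945 with address 0x0, i.e. a NULL pointer handed to strlen in bracketed_paste before this loop is reached, so the reported crash survives the patch. Guard that strlen call against a NULL end-sequence pointer as well. The new comment `Except when using ":normal".` would also read better if it said why, as the Solution line does: when :normal runs out of characters the Ctrl_C seen here is not a real interrupt, so the end sequence will never arrive and the loop must be left.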
*** ../vim-8.2.0132/src/version.c 2020-01-19 20:18:04.310312788 +0100
--- src/version.c 2020-01-20 20:22:10.414388728 +0100
***************
*** 744,745 ****
--- 744,747 ----
{ /* Add new patch number below this line */
+ /**/
+ 133,
/**/

--
ARTHUR: I've said I'm sorry about the old woman, but from the behind you
looked ...
DENNIS: What I object to is that you automatically treat me like an inferior...
ARTHUR: Well ... I AM king.
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///

Dominique Pellé

Jan 20, 2020, 2:42:50 PM
to vim_dev
Bram Moolenaar wrote:

> Patch 8.2.0133
> Problem: Invalid memory access with search command.
> Solution: When :normal runs out of characters in bracketed paste mode break
> out of the loop. (closes #5511)

The test passes, but vim-8.2.133 still crashes when doing:

$ ./vim --clean -e -s -c 'exe "norm /\x80PS"'
Segmentation fault (core dumped)

Running with valgrind gives:

==8332== Memcheck, a memory error detector
==8332== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==8332== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==8332== Command: ./vim --clean -e -s -c exe\ "norm\ /\\x80PS"
==8332==
==8332== Invalid read of size 1
==8332== at 0x4C32CF2: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8332== by 0x1747A4: bracketed_paste (edit.c:4945)
==8332== by 0x1B8E05: getcmdline_int (ex_getln.c:2266)
==8332== by 0x21EE61: nv_search (normal.c:4250)
==8332== by 0x2248BE: normal_cmd (normal.c:1071)
==8332== by 0x1AAD2C: exec_normal (ex_docmd.c:7697)
==8332== by 0x1AAF8F: ex_normal (ex_docmd.c:7591)
==8332== by 0x1AF0EF: do_one_cmd (ex_docmd.c:2482)
==8332== by 0x1AF0EF: do_cmdline (ex_docmd.c:975)
==8332== by 0x17EE35: ex_execute (eval.c:6129)
==8332== by 0x1AF0EF: do_one_cmd (ex_docmd.c:2482)
==8332== by 0x1AF0EF: do_cmdline (ex_docmd.c:975)
==8332== by 0x336FA7: exe_commands (main.c:3135)
==8332== by 0x336FA7: vim_main2 (main.c:795)
==8332== by 0x13AB2C: main (main.c:444)
==8332== Address 0x0 is not stack'd, malloc'd or (recently) free'd

Regards
Dominique

Bram Moolenaar

Jan 20, 2020, 3:13:03 PM
to vim...@googlegroups.com, Dominique Pellé

Dominique wrote:

> > Patch 8.2.0133
> > Problem: Invalid memory access with search command.
> > Solution: When :normal runs out of characters in bracketed paste mode break
> > out of the loop. (closes #5511)
>
> The test passes, but vim-8.2.133 still crashes when doing:
>
> $ ./vim --clean -e -s -c 'exe "norm /\x80PS"'
> Segmentation fault (core dumped)
>
> Running with valgrind gives:
>
> ==8332== Memcheck, a memory error detector
> ==8332== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
> ==8332== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
> ==8332== Command: ./vim --clean -e -s -c exe\ "norm\ /\\x80PS"
> ==8332==
> ==8332== Invalid read of size 1
> ==8332== at 0x4C32CF2: strlen (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==8332== by 0x1747A4: bracketed_paste (edit.c:4945)
> ==8332== by 0x1B8E05: getcmdline_int (ex_getln.c:2266)

Ah, that's why I didn't find it with valgrind. Explicitly resetting
t_PE works to reproduce it.

--
"The future's already arrived - it's just not evenly distributed yet."
-- William Gibson