[vim/vim] SIGABRT in vim9script list-unpack (Issue #9968)
19 views
Skip to first unread message
FalacerSelene
Mar 18, 2022, 6:02:23 AM3/18/22
to vim/vim, Subscribed
Steps to reproduce
Sourcing the following script causes vim to enter with a SIGABRT
In file test.vim:
vim9script
def Bang()
var lines: list<string> = ["hello there", "goodbye now"]
for [first; next] in mapnew(lines, (i, v) => split(v))
:echomsg first next
endfor
enddef
Bang()
0|tanaris|vim|master%> vim -u NONE -S test.vim
Vim: Caught deadly signal ABRT
Vim: Finished.
zsh: abort vim -u NONE -S test.vim
%
0|tanaris|vim|master%>
The crash goes away if I replace the ; with a ,.
Expected behaviour
Vim does not crash - lines are echoed as expected.
Version of Vim
Vim 8.2.4583 compiled with default options
Environment
OS: WSL2(ubuntu) on Windows 11
$SHELL: /bin/zsh (zsh 5.8 (x86_64-ubuntu-linux-gnu))
$TERM: screen-256color (hyper-terminal for windows)
Logs and stack traces
In non-toy examples I got the errors: Vim: Caught deadly signal ABRT malloc_consolidate(): invalid chunk size Vim: Finished. Vim: Double signal, exiting malloc(): unsorted double linked list corrupted
Although I can't reliably reproduce this.
—
Reply to this email directly, view it on GitHub.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you are subscribed to this thread.
FalacerSelene
Mar 18, 2022, 6:09:29 AM3/18/22
to vim/vim, Subscribed
The test script can be made simpler:
vim9script
def Bang()
for [first; next] in [["hello", "there"]]
# do nothing
endfor
enddef
Bang()
If I remove either the for loop or the function definition and call then it doesn't crash.
—
Reply to this email directly, view it on GitHub.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you are subscribed to this thread.
lacygoill
Mar 18, 2022, 6:18:40 AM3/18/22
to vim/vim, Subscribed
Backtrace:
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
set =
{__val = {0, 93824994647933, 140737341703960, 140737488330080, 4294967295, 140737488355327, 93824996498296, 140737488330048, 110, 0, 0, 0, 4294967297, 999999, 140737488330392, 140737488330296}}
pid = <optimized out>
tid = <optimized out>
#1 0x00007ffff6f51859 in __GI_abort () at abort.c:79
save_stage = 1
act =
{__sigaction_handler = {sa_handler = 0x555555962f70, sa_sigaction = 0x555555962f70}, sa_mask = {__val = {3, 93824996486720, 214748364812, 214748364824, 93824996496720, 3, 0, 42949672992, 0, 0, 0, 0, 0, 0, 0, 214748364816}}, sa_flags = 0, sa_restorer = 0x555555962fd0}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007ffff6fbc29e in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff70e6298 "%s\n")
at ../sysdeps/posix/libc_fatal.c:155
ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7fffffff9fe0, reg_save_area = 0x7fffffff9f70}}
fd = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
#3 0x00007ffff6fc432c in malloc_printerr (str=str@entry=0x7ffff70e85d0 "free(): double free detected in tcache 2")
at malloc.c:5347
#4 0x00007ffff6fc5f9d in _int_free (av=0x7ffff711bb80 <main_arena>, p=0x555555965ac0, have_lock=0) at malloc.c:4201
tmp = <optimized out>
e = 0x555555965ad0
tc_idx = 0
size = 32
fb = <optimized out>
nextchunk = <optimized out>
nextsize = <optimized out>
nextinuse = <optimized out>
prevsize = <optimized out>
bck = <optimized out>
fwd = <optimized out>
__PRETTY_FUNCTION__ = "_int_free"
#5 0x0000555555782767 in clear_tv ()
#6 0x0000555555672d70 in list_free_contents ()
#7 0x0000555555673309 in list_free.part ()
#8 0x00005555557827b1 in clear_tv ()
#9 0x00005555557ac83d in call_def_function ()
#10 0x0000555555796595 in call_user_func ()
#11 0x00005555557973dd in call_user_func_check ()
#12 0x0000555555797958 in call_func ()
#13 0x0000555555798006 in get_func_tv ()
#14 0x00005555555eff4b in eval_func ()
#15 0x00005555555f5535 in eval7 ()
#16 0x00005555555f5b18 in eval7t ()
#17 0x00005555555f60f4 in eval5 ()
#18 0x00005555555f670c in eval4 ()
#19 0x00005555555f6ddd in eval1 ()
#20 0x00005555555f7dac in eval0_retarg ()
#21 0x000055555562a99d in ex_eval ()
#22 0x00005555556276fc in do_cmdline ()
#23 0x000055555571f28c in do_source ()
#24 0x0000555555720113 in cmd_source ()
#25 0x00005555556276fc in do_cmdline ()
#26 0x000055555580811e in vim_main2 ()
#27 0x00005555555a5f6f in main ()
Ubsan log:
free(): double free detected in tcache 2
Valgrind log:
==233446== Memcheck, a memory error detector
==233446== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==233446== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==233446== Command: ./src/vim -Nu NONE -S /tmp/crash.vim
==233446== Parent PID: 216736
==233446==
==233446== Invalid free() / delete / delete[] / realloc()
==233446== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==233446== by 0x336766: clear_tv (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x226D6F: list_free_contents (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x227308: list_free.part.0 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x3367B0: clear_tv (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x36083C: call_def_function (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34A594: call_user_func (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34B3DC: call_user_func_check (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34B957: call_func (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34C005: get_func_tv (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1A3F4A: eval_func (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1A9534: eval7 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1A9B17: eval7t (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1AA0F3: eval5 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1AA70B: eval4 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1AADDC: eval1 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1ABDAB: eval0_retarg (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1DE99C: ex_eval (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1DB6FB: do_cmdline (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x2D328B: do_source (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x2D4112: cmd_source (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1DB6FB: do_cmdline (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x3BC11D: vim_main2 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x159F6E: main (in /home/lgc/Vcs/vim/src/vim)
==233446== Address 0x64a3b20 is 0 bytes inside a block of size 6 free'd
==233446== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==233446== by 0x336766: clear_tv (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x226D6F: list_free_contents (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x227308: list_free.part.0 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x3367B0: clear_tv (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x226D6F: list_free_contents (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x227308: list_free.part.0 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x3367B0: clear_tv (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x35DB4B: exec_instructions (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x36072F: call_def_function (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34A594: call_user_func (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34B3DC: call_user_func_check (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34B957: call_func (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34C005: get_func_tv (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1A3F4A: eval_func (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1A9534: eval7 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1A9B17: eval7t (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1AA0F3: eval5 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1AA70B: eval4 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1AADDC: eval1 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1ABDAB: eval0_retarg (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1DE99C: ex_eval (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1DB6FB: do_cmdline (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x2D328B: do_source (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x2D4112: cmd_source (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1DB6FB: do_cmdline (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x3BC11D: vim_main2 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x159F6E: main (in /home/lgc/Vcs/vim/src/vim)
==233446== Block was alloc'd at
==233446== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==233446== by 0x15B709: lalloc (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x300EEE: vim_strsave (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x35EB98: exec_instructions (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x36072F: call_def_function (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34A594: call_user_func (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34B3DC: call_user_func_check (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34B957: call_func (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x34C005: get_func_tv (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1A3F4A: eval_func (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1A9534: eval7 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1A9B17: eval7t (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1AA0F3: eval5 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1AA70B: eval4 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1AADDC: eval1 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1ABDAB: eval0_retarg (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1DE99C: ex_eval (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1DB6FB: do_cmdline (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x2D328B: do_source (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x2D4112: cmd_source (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x1DB6FB: do_cmdline (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x3BC11D: vim_main2 (in /home/lgc/Vcs/vim/src/vim)
==233446== by 0x159F6E: main (in /home/lgc/Vcs/vim/src/vim)
==233446==
==233446==
==233446== HEAP SUMMARY:
==233446== in use at exit: 374,985 bytes in 2,440 blocks
==233446== total heap usage: 5,463 allocs, 3,024 frees, 1,520,685 bytes allocated
—
Reply to this email directly, view it on GitHub.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you are subscribed to this thread.
lacygoill
Mar 18, 2022, 6:25:12 AM3/18/22
to vim/vim, Subscribed
Sorry, not sure why line addresses are missing from the valgrind log. Here is a new one:
==240435== Memcheck, a memory error detector
==240435== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==240435== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==240435== Command: ./src/vim -Nu NONE -S /tmp/crash.vim
==240435== Parent PID: 234840
==240435==
==240435== Invalid free() / delete / delete[] / realloc()
==240435== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==240435== by 0x14D11F: vim_free (alloc.c:623)
==240435== by 0x3A0B9A: clear_tv (typval.c:115)
==240435== by 0x24A082: list_free_contents (list.c:231)
==240435== by 0x24A223: list_free (list.c:299)
==240435== by 0x24A031: list_unref (list.c:214)
==240435== by 0x3A0BFD: clear_tv (typval.c:126)
==240435== by 0x3DBFAC: call_def_function (vim9execute.c:5290)
==240435== by 0x3B7F74: call_user_func (userfunc.c:2599)
==240435== by 0x3B9211: call_user_func_check (userfunc.c:2998)
==240435== by 0x3BA4E8: call_func (userfunc.c:3564)
==240435== by 0x3B65A6: get_func_tv (userfunc.c:1793)
==240435== by 0x1ABD22: eval_func (eval.c:2102)
==240435== by 0x1AF6BE: eval7 (eval.c:3855)
==240435== by 0x1AEA0F: eval7t (eval.c:3428)
==240435== by 0x1AE467: eval6 (eval.c:3220)
==240435== by 0x1ADBB3: eval5 (eval.c:2983)
==240435== by 0x1AD672: eval4 (eval.c:2833)
==240435== by 0x1AD18E: eval3 (eval.c:2694)
==240435== by 0x1ACCC3: eval2 (eval.c:2568)
==240435== by 0x1AC58B: eval1 (eval.c:2414)
==240435== by 0x1AC30A: eval0_retarg (eval.c:2331)
==240435== by 0x1AC273: eval0 (eval.c:2306)
==240435== by 0x1F1824: ex_eval (ex_eval.c:940)
==240435== by 0x1E28AF: do_one_cmd (ex_docmd.c:2567)
==240435== by 0x1DFA96: do_cmdline (ex_docmd.c:993)
==240435== by 0x31FD9C: do_source (scriptfile.c:1516)
==240435== by 0x31F0E2: cmd_source (scriptfile.c:1098)
==240435== by 0x31F1C0: ex_source (scriptfile.c:1124)
==240435== by 0x1E28AF: do_one_cmd (ex_docmd.c:2567)
==240435== by 0x1DFA96: do_cmdline (ex_docmd.c:993)
==240435== by 0x1DEF21: do_cmdline_cmd (ex_docmd.c:587)
==240435== by 0x457E8A: exe_commands (main.c:3089)
==240435== by 0x4546D9: vim_main2 (main.c:772)
==240435== by 0x453F98: main (main.c:424)
==240435== Address 0x64a14a0 is 0 bytes inside a block of size 6 free'd
==240435== at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==240435== by 0x14D11F: vim_free (alloc.c:623)
==240435== by 0x3A0B9A: clear_tv (typval.c:115)
==240435== by 0x24A082: list_free_contents (list.c:231)
==240435== by 0x24A223: list_free (list.c:299)
==240435== by 0x24A031: list_unref (list.c:214)
==240435== by 0x3A0BFD: clear_tv (typval.c:126)
==240435== by 0x24A082: list_free_contents (list.c:231)
==240435== by 0x24A223: list_free (list.c:299)
==240435== by 0x24A031: list_unref (list.c:214)
==240435== by 0x3A0BFD: clear_tv (typval.c:126)
==240435== by 0x3DAA20: exec_instructions (vim9execute.c:4839)
==240435== by 0x3DBBD3: call_def_function (vim9execute.c:5231)
==240435== by 0x3B7F74: call_user_func (userfunc.c:2599)
==240435== by 0x3B9211: call_user_func_check (userfunc.c:2998)
==240435== by 0x3BA4E8: call_func (userfunc.c:3564)
==240435== by 0x3B65A6: get_func_tv (userfunc.c:1793)
==240435== by 0x1ABD22: eval_func (eval.c:2102)
==240435== by 0x1AF6BE: eval7 (eval.c:3855)
==240435== by 0x1AEA0F: eval7t (eval.c:3428)
==240435== by 0x1AE467: eval6 (eval.c:3220)
==240435== by 0x1ADBB3: eval5 (eval.c:2983)
==240435== by 0x1AD672: eval4 (eval.c:2833)
==240435== by 0x1AD18E: eval3 (eval.c:2694)
==240435== by 0x1ACCC3: eval2 (eval.c:2568)
==240435== by 0x1AC58B: eval1 (eval.c:2414)
==240435== by 0x1AC30A: eval0_retarg (eval.c:2331)
==240435== by 0x1AC273: eval0 (eval.c:2306)
==240435== by 0x1F1824: ex_eval (ex_eval.c:940)
==240435== by 0x1E28AF: do_one_cmd (ex_docmd.c:2567)
==240435== by 0x1DFA96: do_cmdline (ex_docmd.c:993)
==240435== by 0x31FD9C: do_source (scriptfile.c:1516)
==240435== by 0x31F0E2: cmd_source (scriptfile.c:1098)
==240435== by 0x31F1C0: ex_source (scriptfile.c:1124)
==240435== by 0x1E28AF: do_one_cmd (ex_docmd.c:2567)
==240435== by 0x1DFA96: do_cmdline (ex_docmd.c:993)
==240435== by 0x1DEF21: do_cmdline_cmd (ex_docmd.c:587)
==240435== by 0x457E8A: exe_commands (main.c:3089)
==240435== by 0x4546D9: vim_main2 (main.c:772)
==240435== by 0x453F98: main (main.c:424)
==240435== Block was alloc'd at
==240435== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==240435== by 0x14CB88: lalloc (alloc.c:248)
==240435== by 0x14CA1F: alloc (alloc.c:151)
==240435== by 0x35D1F0: vim_strsave (strings.c:27)
==240435== by 0x3D5C96: exec_instructions (vim9execute.c:3319)
==240435== by 0x3DBBD3: call_def_function (vim9execute.c:5231)
==240435== by 0x3B7F74: call_user_func (userfunc.c:2599)
==240435== by 0x3B9211: call_user_func_check (userfunc.c:2998)
==240435== by 0x3BA4E8: call_func (userfunc.c:3564)
==240435== by 0x3B65A6: get_func_tv (userfunc.c:1793)
==240435== by 0x1ABD22: eval_func (eval.c:2102)
==240435== by 0x1AF6BE: eval7 (eval.c:3855)
==240435== by 0x1AEA0F: eval7t (eval.c:3428)
==240435== by 0x1AE467: eval6 (eval.c:3220)
==240435== by 0x1ADBB3: eval5 (eval.c:2983)
==240435== by 0x1AD672: eval4 (eval.c:2833)
==240435== by 0x1AD18E: eval3 (eval.c:2694)
==240435== by 0x1ACCC3: eval2 (eval.c:2568)
==240435== by 0x1AC58B: eval1 (eval.c:2414)
==240435== by 0x1AC30A: eval0_retarg (eval.c:2331)
==240435== by 0x1AC273: eval0 (eval.c:2306)
==240435== by 0x1F1824: ex_eval (ex_eval.c:940)
==240435== by 0x1E28AF: do_one_cmd (ex_docmd.c:2567)
==240435== by 0x1DFA96: do_cmdline (ex_docmd.c:993)
==240435== by 0x31FD9C: do_source (scriptfile.c:1516)
==240435== by 0x31F0E2: cmd_source (scriptfile.c:1098)
==240435== by 0x31F1C0: ex_source (scriptfile.c:1124)
==240435== by 0x1E28AF: do_one_cmd (ex_docmd.c:2567)
==240435== by 0x1DFA96: do_cmdline (ex_docmd.c:993)
==240435== by 0x1DEF21: do_cmdline_cmd (ex_docmd.c:587)
==240435== by 0x457E8A: exe_commands (main.c:3089)
==240435== by 0x4546D9: vim_main2 (main.c:772)
==240435== by 0x453F98: main (main.c:424)
==240435==
==240435==
==240435== HEAP SUMMARY:
==240435== in use at exit: 114,750 bytes in 1,098 blocks
==240435== total heap usage: 5,407 allocs, 4,310 frees, 1,508,677 bytes allocated
—
Reply to this email directly, view it on GitHub.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you are subscribed to this thread.
Shane-XB-Qian
Mar 18, 2022, 6:25:17 AM3/18/22
to vim/vim, Subscribed
i can reproduce it, though not only ;, but also : (or perhaps something else too).
—
Reply to this email directly, view it on GitHub.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you are subscribed to this thread.
Bram Moolenaar
Mar 18, 2022, 9:11:46 AM3/18/22
to vim/vim, Subscribed
—
Reply to this email directly, view it on GitHub.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you are subscribed to this thread.
Reply all
Reply to author
Forward
0 new messages