On 10/24/21 10:11 AM, Klemens Nanni wrote:
I fat fingered commands and it crashed. Here is a reproducer
(files do not have to exist):
$ vi foo
:e
:e bar
:q!
vi(12918) in free(): write after free 0xea559a2d980
Abort trap (core
dumped)
In words: open a file, open an empty file, open another file, exit
forcefully.
Here's a backtrace produced with a DEBUG='-g3 -O0' exectuable:
#0 thrkill () at /tmp/-:3
3 /tmp/-: No such file or directory.
#0 thrkill () at /tmp/-:3
#1 0x00000f8c41ddb78e in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51
#2 0x00000f8c41d8e096 in wrterror (d=0xf8c0ff999e0, msg=0xf8c41d6c911 "write after
free %p") at /usr/src/lib/libc/stdlib/malloc.c:307
#3 0x00000f8c41d8ee1a in ofree (argpool=0x7f7fffff3dc0, p=<optimized out>, clear=<optimized
out>, check=<optimized out>, argsz=<optimized out>) at
/usr/src/lib/libc/stdlib/malloc.c:1439
#4 0x00000f8c41d8e2db in free (ptr=0xf8bcf80a600) at
/usr/src/lib/libc/stdlib/malloc.c:1470
#5 0x00000f89c487c803 in opts_free (sp=0xf8c03c1e7a0) at
/usr/src/usr.bin/vi/build/../common/options.c:1096
#6 0x00000f89c4880936 in screen_end (sp=0xf8c03c1e7a0) at
/usr/src/usr.bin/vi/build/../common/screen.c:192
#7 0x00000f89c489a013 in vi (spp=0x7f7fffff41d8) at
/usr/src/usr.bin/vi/build/../vi/vi.c:257
#8 0x00000f89c4875a4b in editor (gp=0xf8c5dfc85f0, argc=1,
argv=0x7f7fffff4320) at /usr/src/usr.bin/vi/build/../common/main.c:429
#9 0x00000f89c484566b in main (argc=2, argv=0x7f7fffff4318) at
/usr/src/usr.bin/vi/build/../cl/cl_main.c:97
I have no time to look at this myself, feel free to take over.
If it helps to narrow this down I can't reproduce on 6.9
Edgar
