It doesn't crash for me, but this does:
tmux setb $(perl -e "print \"x\"x1042")
Please try this fix (also fixes some other similar things):
diff --git a/arguments.c b/arguments.c
index d4e5e53..fd656b1 100644
--- a/arguments.c
+++ b/arguments.c
@@ -125,7 +125,7 @@ args_free(struct args *args)
size_t
args_print(struct args *args, char *buf, size_t len)
{
- size_t off;
+ size_t off, used;
int i;
const char *quotes;
struct args_entry *entry;
@@ -165,9 +165,12 @@ args_print(struct args *args, char *buf, size_t len)
quotes = "\"";
else
quotes = "";
- off += xsnprintf(buf + off, len - off, "%s-%c %s%s%s",
+ used = xsnprintf(buf + off, len - off, "%s-%c %s%s%s",
off != 0 ? " " : "", entry->flag, quotes, entry->value,
quotes);
+ if (used > len - off)
+ used = len - off;
+ off += used;
}
/* And finally the argument vector. */
@@ -181,8 +184,11 @@ args_print(struct args *args, char *buf, size_t len)
quotes = "\"";
else
quotes = "";
- off += xsnprintf(buf + off, len - off, "%s%s%s%s",
+ used = xsnprintf(buf + off, len - off, "%s%s%s%s",
off != 0 ? " " : "", quotes, args->argv[i], quotes);
+ if (used > len - off)
+ used = len - off;
+ off += used;
}
return (off);
diff --git a/cmd-list.c b/cmd-list.c
index 08e2067..7ef8d1c 100644
--- a/cmd-list.c
+++ b/cmd-list.c
@@ -103,7 +103,7 @@ size_t
cmd_list_print(struct cmd_list *cmdlist, char *buf, size_t len)
{
struct cmd *cmd;
- size_t off;
+ size_t off, used;
off = 0;
TAILQ_FOREACH(cmd, &cmdlist->list, qentry) {
@@ -112,8 +112,12 @@ cmd_list_print(struct cmd_list *cmdlist, char *buf, size_t
len)
off += cmd_print(cmd, buf + off, len - off);
if (off >= len)
break;
- if (TAILQ_NEXT(cmd, qentry) != NULL)
- off += xsnprintf(buf + off, len - off, " ; ");
+ if (TAILQ_NEXT(cmd, qentry) != NULL) {
+ used = xsnprintf(buf + off, len - off, " ; ");
+ if (used > len - off)
+ used = len - off;
+ off += used;
+ }
}
return (off);
}
diff --git a/window-copy.c b/window-copy.c
index 9aaf554..42b81d2 100644
--- a/window-copy.c
+++ b/window-copy.c
@@ -1194,8 +1194,8 @@ window_copy_write_line(
screen_write_puts(ctx, &gc, "%s", hdr);
} else if (py == last && data->inputtype != WINDOW_COPY_OFF) {
limit = sizeof hdr;
- if (limit > screen_size_x(s))
- limit = screen_size_x(s);
+ if (limit > screen_size_x(s) + 1)
+ limit = screen_size_x(s) + 1;
if (data->inputtype == WINDOW_COPY_NUMERICPREFIX) {
xoff = size = xsnprintf(hdr, limit,
"Repeat: %u", data->numprefix);
@@ -1208,10 +1208,12 @@ window_copy_write_line(
} else
size = 0;
- screen_write_cursormove(ctx, xoff, py);
- screen_write_copy(ctx, data->backing, xoff,
- (screen_hsize(data->backing) - data->oy) + py,
- screen_size_x(s) - size, 1);
+ if (size < screen_size_x(s)) {
+ screen_write_cursormove(ctx, xoff, py);
+ screen_write_copy(ctx, data->backing, xoff,
+ (screen_hsize(data->backing) - data->oy) + py,
+ screen_size_x(s) - size, 1);
+ }
if (py == data->cy && data->cx == screen_size_x(s)) {
memcpy(&gc, &grid_default_cell, sizeof gc);
On Fri, Apr 11, 2014 at 05:06:23PM +0200, Julien Rebetez wrote:
> I can still reproduce on tmux from git.
>
> Here is the gdb backtrace (once with 'bt full') from the core dump.
>
> Best regards,
> Julien
>
>
> On Fri, Apr 11, 2014 at 4:40 PM, Nicholas Marriott
> <[email protected]> wrote:
> > Hi
> >
> > tmux doesn't crash for me, please try to build tmux from git and see if
> > you can still reproduce.
> >
> > If you can, please see if there is a core file and send me a backtrace
> > from gdb.
> >
> >
> > On Fri, Apr 11, 2014 at 04:30:54PM +0200, Julien Rebetez wrote:
> >> Hello,
> >> First, thanks for this wonderful software !
> >>
> >> I am using tslime[1] with a custom vim plugin [2] to copy/paste code
> >> from vim to an ipython session running in tmux. It's working great but
> >> sometimes, tmux crashes with "[lost server]".
> >>
> >> In the background, tslime use 'tmux set-buffer' to send text to tmux.
> >> It seems the crash is very dependent on the content of the buffer and
> >> it mostly happens with somewhat large buffers.
> >>
> >> I wrote a small script [3] that contains an example buffer that
> >> reproduces the crash.
> >>
> >> For example :
> >> $ ./crash_tmux.sh
> >> failed to connect to server: Connection refused
> >>
> >> If I remove (or add) one line from the buffer (for example the "if
> >> True" near the end), tmux doesn't crash anymore :
> >> # Modify crash_tmux.sh to remove the "if True" line
> >> $ ./crash_tmux.sh
> >> test: 1 windows (created Fri Apr 11 15:25:26 2014) [80x22]
> >>
> >> System informations :
> >> - tmux version : 1.9a
> >> - terminal emulator : gnome-terminal
> >> - $TERM : xterm-256color
> >> - OS : Ubuntu 13.10
> >>
> >> I also tried removing my .tmux.conf, but it doesn't help.
> >>
> >> Then, I checked out the git master and started a bisect. (see
> >> bisect.log on the gist [3] linked below). It seems the problem is
> >> introduced in this revision :
> >> http://sourceforge.net/p/tmux/tmux-code/ci/f8c86a9515ae863fcbc38769544be983ce494a3c
> >>
> >> So I tried commenting out the lines added by this commit and it
> >> appears line 217 of cmd-queue.c is the problem :
> >>
> >> cmd_print(cmdq->cmd, s, sizeof s);
> >>
> >> If i comment this line, the crash goes away ! Since this seems like
> >> those are debug statements, I'll try to run the patched tmux and I'll
> >> see if I get any more crashes in the next days.
> >>
> >> Best regards
> >> Julien
> >>
> >> [1] https://github.com/kikijump/tslime.vim
> >> [2] https://github.com/julienr/vimux-pyutils
> >> [3] https://gist.github.com/julienr/10470414
> >>
> >> ------------------------------------------------------------------------------
> >> Put Bad Developers to Shame
> >> Dominate Development with Jenkins Continuous Integration
> >> Continuously Automate Build, Test & Deployment
> >> Start a new project now. Try Jenkins in the cloud.
> >> http://p.sf.net/sfu/13600_Cloudbees
> >> _______________________________________________
> >> tmux-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/tmux-users
> [New LWP 8918]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Core was generated by `/home/julien/programs/tmux-git/_install/bin/tmux
> new-session -d -s test -n test'.
> Program terminated with signal 6, Aborted.
> #0 0x00007fc549950f77 in __GI_raise (sig=sig@entry=6) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> #0 0x00007fc549950f77 in __GI_raise (sig=sig@entry=6) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> #1 0x00007fc5499545e8 in __GI_abort () at abort.c:90
> #2 0x00007fc54998e4fb in __libc_message (do_abort=do_abort@entry=1,
> fmt=fmt@entry=0x7fc549a9ff10 "*** %s ***: %s terminated\n") at
> ../sysdeps/unix/sysv/linux/libc_fatal.c:199
> #3 0x00007fc549a2c08c in __GI___fortify_fail (msg=<optimized out>,
> msg@entry=0x7fc549a9fef8 "stack smashing detected") at fortify_fail.c:37
> #4 0x00007fc549a2c030 in __stack_chk_fail () at stack_chk_fail.c:28
> #5 0x000000000041016e in cmdq_continue (cmdq=0x1218a10) at cmd-queue.c:267
> #6 0x000000000040fd05 in cmdq_run (cmdq=0x1218a10, cmdlist=0x1220d60) at
> cmd-queue.c:176
> #7 0x00000000004362ea in server_client_msg_command (c=0x1222f40,
> imsg=0x7fffba5bfe20) at server-client.c:943
> #8 0x0000000000435e11 in server_client_msg_dispatch (c=0x1222f40) at
> server-client.c:836
> #9 0x000000000043476d in server_client_callback (fd=5, events=2,
> data=0x1222f40) at server-client.c:231
> #10 0x00007fc549f09f94 in event_base_loop () from
> /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
> #11 0x0000000000438fde in server_loop () at server.c:210
> #12 0x0000000000438fbd in server_start (lockfd=5, lockfile=0x121a650 "") at
> server.c:201
> #13 0x0000000000405ded in client_connect (path=0x692a60 <socket_path>
> "/tmp/tmux-1000/default", start_server=1) at client.c:130
> #14 0x00000000004060ff in client_main (argc=6, argv=0x7fffba5c3400,
> flags=65536) at client.c:238
> #15 0x0000000000443c5e in main (argc=6, argv=0x7fffba5c3400) at tmux.c:389
> [New LWP 8918]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Core was generated by `/home/julien/programs/tmux-git/_install/bin/tmux
> new-session -d -s test -n test'.
> Program terminated with signal 6, Aborted.
> #0 0x00007fc549950f77 in __GI_raise (sig=sig@entry=6) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> #0 0x00007fc549950f77 in __GI_raise (sig=sig@entry=6) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> resultvar = 0
> pid = 8918
> selftid = 8918
> #1 0x00007fc5499545e8 in __GI_abort () at abort.c:90
> save_stage = 2
> act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0},
> sa_mask = {__val = {4569798, 140736319977008, 140736319976992, 4590425,
> 4590427, 140736319977464, 1234581650, 0, 0, 0, 0, 0, 0, 0, 0, 4294967295}},
> sa_flags = 0, sa_restorer = 0xffffffff00000000}
> sigs = {__val = {32, 0 <repeats 15 times>}}
> #2 0x00007fc54998e4fb in __libc_message (do_abort=do_abort@entry=1,
> fmt=fmt@entry=0x7fc549a9ff10 "*** %s ***: %s terminated\n") at
> ../sysdeps/unix/sysv/linux/libc_fatal.c:199
> ap = {{gp_offset = 32, fp_offset = 48, overflow_arg_area =
> 0x7fffba5bf8e0, reg_save_area = 0x7fffba5bf7f0}}
> ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area =
> 0x7fffba5bf8e0, reg_save_area = 0x7fffba5bf7f0}}
> fd = 2
> on_2 = <optimized out>
> list = <optimized out>
> nlist = <optimized out>
> cp = <optimized out>
> written = <optimized out>
> #3 0x00007fc549a2c08c in __GI___fortify_fail (msg=<optimized out>,
> msg@entry=0x7fc549a9fef8 "stack smashing detected") at fortify_fail.c:37
> do_abort = 1
> #4 0x00007fc549a2c030 in __stack_chk_fail () at stack_chk_fail.c:28
> No locals.
> #5 0x000000000041016e in cmdq_continue (cmdq=0x1218a10) at cmd-queue.c:267
> next = 0x0
> retval = CMD_RETURN_NORMAL
> empty = 1
> guard = 0
> flags = 0
> s = "set-buffer \"\"##\ndef laplacian_smoothing(verts, faces):\n
> \"\"\"\n Laplacian mesh smoothing\n
> http://en.wikipedia.org/wiki/Laplacian_smoothing\n\n Basically, each
> vertex is replaced by a weighted a"...
> #6 0x000000000040fd05 in cmdq_run (cmdq=0x1218a10, cmdlist=0x1220d60) at
> cmd-queue.c:176
> No locals.
> #7 0x00000000004362ea in server_client_msg_command (c=0x1222f40,
> imsg=0x7fffba5bfe20) at server-client.c:943
> data = {argc = 2}
> buf = 0x1235c94 "set-buffer"
> len = 1038
> cmdlist = 0x1220d60
> argc = 2
> argv = 0x1240440
> cause = 0x0
> __func__ = "server_client_msg_command"
> #8 0x0000000000435e11 in server_client_msg_dispatch (c=0x1222f40) at
> server-client.c:836
> imsg = {hdr = {type = 200, len = 1058, flags = 0, peerid = 8, pid =
> 4294967295}, fd = -1, data = 0x1235c90}
> stdindata = {size = 0, data = '\000' <repeats 7440 times>...}
> data = 0x1235c90 "\002"
> n = 1058
> datalen = 1042
> __func__ = "server_client_msg_dispatch"
> #9 0x000000000043476d in server_client_callback (fd=5, events=2,
> data=0x1222f40) at server-client.c:231
> c = 0x1222f40
> #10 0x00007fc549f09f94 in event_base_loop () from
> /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
> No symbol table info available.
> #11 0x0000000000438fde in server_loop () at server.c:210
> No locals.
> #12 0x0000000000438fbd in server_start (lockfd=5, lockfile=0x121a650 "") at
> server.c:201
> pair = {6, 7}
> tv = {tv_sec = 1, tv_usec = 0}
> cause = 0x6 <Address 0x6 out of bounds>
> __func__ = "server_start"
> #13 0x0000000000405ded in client_connect (path=0x692a60 <socket_path>
> "/tmp/tmux-1000/default", start_server=1) at client.c:130
> sa = {sun_family = 1, sun_path = "/tmp/tmux-1000/default", '\000'
> <repeats 85 times>}
> size = 22
> fd = 5
> lockfd = 5
> lockfile = 0x121a650 ""
> __func__ = "client_connect"
> #14 0x00000000004060ff in client_main (argc=6, argv=0x7fffba5c3400,
> flags=65536) at client.c:238
> cmd = 0x0
> cmdlist = 0x121a4d0
> data = 0x28282353
> cmdflags = 3
> fd = 1242818656
> i = 18981200
> ppid = 32709
> msg = MSG_COMMAND
> cause = 0x0
> tio = {c_iflag = 1313166917, c_oflag = 1330536276, c_cflag =
> 1280069456, c_lflag = 0, c_line = 1 '\001', c_cc =
> "\000\000\000T_NO\000\000\000\000\000\000\000\000\200!\\\272\377\177\000\000\020\361\357I\305\177\000\000",
> c_ispeed = 0, c_ospeed = 3126600080}
> saved_tio = {c_iflag = 4208704, c_oflag = 0, c_cflag = 1998626048,
> c_lflag = 4131902374, c_line = 0 '\000', c_cc = '\000' <repeats 15 times>,
> "\220!\\\272\377\177\000\000@8@\000\000\000\000", <incomplete sequence \360>,
> c_ispeed = 32767, c_ospeed = 0}
> size = 140736319987952
> #15 0x0000000000443c5e in main (argc=6, argv=0x7fffba5c3400) at tmux.c:389
> pw = 0x0
> s = 0x0
> path = 0x1219e30 "EVENT_NOEPOLL=1"
> label = 0x1219e10 ""
> var = 0x7fffba5c36f0
> tmp = "/home/julien", '\000' <repeats 780 times>...
> in = '\000' <repeats 255 times>
> home = 0x7fffba5c5ccf "/home/julien"
> pid = 0
> opt = -1
> flags = 65536
> quiet = 0
> keys = 1
> session = 0
------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
tmux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tmux-users
