Re: Bug with :redir

Dominique Pellé Sun, 25 Oct 2009 08:24:03 -0700

Christian Brabandt wrote:

> Hi,
> I got this error with vim 7.2.245 (linux) and Gvim 7.2.148 (Windows):
>
> chrisbra t41:~ [1023:139]% vim -u NONE -N -c 'for i in range(3) | redir => 
> temp[i] |echo 1| redir END'
> Vim: Caught deadly signal SEGV
>
> Press ENTER or type command to continueVim: Finished.
>
> zsh: segmentation fault  vim -u NONE -N -c 'for i in range(3) | redir => 
> temp[i] |echo 1| redir END'
>
>
>
> I would have expected an error, but no SEGV. (E121: undefined variable
> or something).
>
> regards,
> Christian


I can confirm the crash with latest Vim-7.2.267 (Linux x86).

In fact, the for loop is not required to cause the crash.  This is
enough to make Vim crash:

  $ ./vim -u NONE -N -c 'redir => temp[0] |echo 1| redir END'
  Vim: Caught deadly signal SEGV

Using gdb, I see that a NULL pointer endp is dereferenced at eval.c:2786:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6bfc700 (LWP 3136)]
0x0807556e in set_var_lval (lp=0x91c69a4, endp=0x0, rettv=0xbf91e12c,
copy=0, op=0x81e556d ".") at eval.c:2786
2786                cc = *endp;
(gdb) bt
#0  0x0807556e in set_var_lval (lp=0x91c69a4, endp=0x0,
rettv=0xbf91e12c, copy=0, op=0x81e556d ".") at eval.c:2786
#1  0x080728a6 in var_redir_stop () at eval.c:1102
#2  0x080726dc in var_redir_start (name=0x91938ed "temp[0]", append=0)
at eval.c:1022
#3  0x080b05a3 in ex_redir (eap=0xbf91e220) at ex_docmd.c:8566
#4  0x080a747d in do_one_cmd (cmdlinep=0xbf91e3e0, sourcing=1,
cstack=0xbf91e3e8, fgetline=0, cookie=0x0) at ex_docmd.c:2629
#5  0x080a4cb4 in do_cmdline (cmdline=0xbf920666 "redir => temp[0]
|echo 1| redir END", getline=0, cookie=0x0, flags=11) at
ex_docmd.c:1098
#6  0x080a434d in do_cmdline_cmd (cmd=0xbf920666 "redir => temp[0]
|echo 1| redir END") at ex_docmd.c:704
#7  0x080e9b8c in exe_commands (parmp=0xbf91e784) at main.c:2697
#8  0x080e7574 in main (argc=6, argv=0xbf91e8e4) at main.c:874

(gdb) list
2781
2782        if (lp->ll_tv == NULL)
2783        {
2784            if (!check_changedtick(lp->ll_name))
2785            {
2786                cc = *endp;
2787                *endp = NUL;
2788                if (op != NULL && *op != '=')
2789                {
2790                    typval_T tv;
(gdb) p endp
$1 = (char_u *) 0x0

Not sure how to fix it yet.

-- Dominique

--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---

Re: Bug with :redir

Raspunde prin e-mail lui