On Sat, Jan 31, 2015 at 06:30:05AM +0100, Dominique Pellé wrote:
> No, I don't think it's your fault.  It should be OK I think
> to enable FEAT_CONCEAL the way you did but it's better
> to build with --with-features=huge anyway.
> 
> So it would still be interesting to see why it crashed if you
> can.  Unfortunately, you copied only the last lines of
> the address sanitizer, we're missing the most important
> piece of information from asan. Can you try it again with...
> 
> $ cd vim/src
> $ ./vim 2> asan.log
> 
> ... and send the full output in asan.log

I configured the build as before:

   CFLAGS=-g ./configure --enable-pythoninterp=yes --enable-multibyte

And the asan.log is (I removed the first directories from file
paths to make them shorter):

=================================================================
==6353==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000fa790 at pc 0x79a090 bp 0x7fff2c094bd0 sp 0x7fff2c094bc0
READ of size 8 at 0x6160000fa790 thread T0
    #0 0x79a08f in nfa_regmatch src/regexp_nfa.c:5505
    #1 0x7a0c6c in nfa_regtry src/regexp_nfa.c:6860
    #2 0x7a20a9 in nfa_regexec_both src/regexp_nfa.c:7050
    #3 0x7a296a in nfa_regexec_multi src/regexp_nfa.c:7263
    #4 0x7a32a3 in vim_regexec_multi src/regexp.c:8273
    #5 0x866236 in syn_regexec src/syntax.c:3284
    #6 0x8601d4 in syn_current_attr src/syntax.c:2097
    #7 0x85ee2c in get_syntax_attr src/syntax.c:1854
    #8 0x7b9d36 in win_line src/screen.c:4354
    #9 0x7ad9c5 in win_update src/screen.c:2011
    #10 0x7a6e0b in update_screen src/screen.c:678
    #11 0x89a9d7 in set_shellsize src/term.c:3174
    #12 0x89a451 in shell_resized src/term.c:3036
    #13 0x72cf4d in handle_resize src/os_unix.c:487
    #14 0x72cd55 in mch_inchar src/os_unix.c:399
    #15 0x8a5748 in ui_inchar src/ui.c:199
    #16 0x5dbfb7 in inchar src/getchar.c:3098
    #17 0x5db251 in vgetorpeek src/getchar.c:2873
    #18 0x5d5de6 in vpeekc src/getchar.c:1875
    #19 0x5d5fd1 in char_avail src/getchar.c:1925
    #20 0x7da67a in redrawing src/screen.c:10421
    #21 0x7a5963 in update_screen src/screen.c:500
    #22 0x95691b in main_loop src/main.c:1237
    #23 0x95616e in main src/main.c:1034
    #24 0x7f9370260ec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #25 0x431558 (/usr/local/bin/vim+0x431558)

0x6160000fa790 is located 528 bytes inside of 640-byte region [0x6160000fa580,0x6160000fa800)
freed by thread T0 here:
    #0 0x7f93731c553f in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5753f)
    #1 0x6728d3 in vim_free src/misc2.c:1741
    #2 0x7a2730 in nfa_regfree src/regexp_nfa.c:7182
    #3 0x7a2c4b in vim_regfree src/regexp.c:8138
    #4 0x868120 in syn_clear_pattern src/syntax.c:3598
    #5 0x867404 in syntax_clear src/syntax.c:3495
    #6 0x86866e in syn_cmd_clear src/syntax.c:3655
    #7 0x87790b in ex_syntax src/syntax.c:6285
    #8 0x544222 in do_one_cmd src/ex_docmd.c:2940
    #9 0x53c708 in do_cmdline src/ex_docmd.c:1133
    #10 0x4ff928 in call_user_func src/eval.c:23618
    #11 0x4ba42f in call_func src/eval.c:8598
    #12 0x4b97a7 in get_func_tv src/eval.c:8434
    #13 0x4a682d in ex_call src/eval.c:3505
    #14 0x544222 in do_one_cmd src/ex_docmd.c:2940
    #15 0x53c708 in do_cmdline src/ex_docmd.c:1133
    #16 0x5ba897 in apply_autocmds_group src/fileio.c:9487
    #17 0x5b95ce in apply_autocmds src/fileio.c:9045
    #18 0x71490a in did_set_string_option src/option.c:7145
    #19 0x70abcc in do_set src/option.c:4892
    #20 0x570bc2 in ex_set src/ex_docmd.c:11972
    #21 0x544222 in do_one_cmd src/ex_docmd.c:2940
    #22 0x53c708 in do_cmdline src/ex_docmd.c:1133
    #23 0x4f5edf in ex_execute src/eval.c:21819
    #24 0x544222 in do_one_cmd src/ex_docmd.c:2940
    #25 0x53c708 in do_cmdline src/ex_docmd.c:1133
    #26 0x5ba897 in apply_autocmds_group src/fileio.c:9487
    #27 0x5b95ce in apply_autocmds src/fileio.c:9045
    #28 0x714a0e in did_set_string_option src/option.c:7153
    #29 0x70abcc in do_set src/option.c:4892

previously allocated by thread T0 here:
    #0 0x7f93731c57b7 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x577b7)
    #1 0x6705fb in lalloc src/misc2.c:921
    #2 0x7a2229 in nfa_regcomp src/regexp_nfa.c:7118
    #3 0x7a2aee in vim_regcomp src/regexp.c:8084
    #4 0x8744d1 in get_syn_pattern src/syntax.c:5667
    #5 0x86fab5 in syn_cmd_match src/syntax.c:4947
    #6 0x87790b in ex_syntax src/syntax.c:6285
    #7 0x544222 in do_one_cmd src/ex_docmd.c:2940
    #8 0x53c708 in do_cmdline src/ex_docmd.c:1133
    #9 0x4f5edf in ex_execute src/eval.c:21819
    #10 0x544222 in do_one_cmd src/ex_docmd.c:2940
    #11 0x53c708 in do_cmdline src/ex_docmd.c:1133
    #12 0x4ff928 in call_user_func src/eval.c:23618
    #13 0x4ba42f in call_func src/eval.c:8598
    #14 0x4b97a7 in get_func_tv src/eval.c:8434
    #15 0x4a682d in ex_call src/eval.c:3505
    #16 0x544222 in do_one_cmd src/ex_docmd.c:2940
    #17 0x53c708 in do_cmdline src/ex_docmd.c:1133
    #18 0x537b06 in do_source src/ex_cmds2.c:3345
    #19 0x535e3b in source_callback src/ex_cmds2.c:2762
    #20 0x5363af in do_in_runtimepath src/ex_cmds2.c:2866
    #21 0x535e65 in source_runtime src/ex_cmds2.c:2776
    #22 0x535e13 in ex_runtime src/ex_cmds2.c:2752
    #23 0x544222 in do_one_cmd src/ex_docmd.c:2940
    #24 0x53c708 in do_cmdline src/ex_docmd.c:1133
    #25 0x537b06 in do_source src/ex_cmds2.c:3345
    #26 0x535e3b in source_callback src/ex_cmds2.c:2762
    #27 0x5363af in do_in_runtimepath src/ex_cmds2.c:2866
    #28 0x535e65 in source_runtime src/ex_cmds2.c:2776
    #29 0x535e13 in ex_runtime src/ex_cmds2.c:2752

SUMMARY: AddressSanitizer: heap-use-after-free src/regexp_nfa.c:5505 nfa_regmatch
Shadow bytes around the buggy address:
  0x0c2c800174a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c800174b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c800174c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c800174d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c800174e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c2c800174f0: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80017500: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80017510: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80017520: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80017530: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2c80017540: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==6353==ABORTING

Thanks!

-- 
Jakson
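
An added triage example, not part of the original message or of Vim's code: it pulls the first non-wrapper frame out of each stack in the report above and cross-checks the faulting address against the region bounds and the bracketed shadow byte. The 0x7fff8000 shadow offset (the default ASan mapping on x86-64 Linux) and the list of wrapper functions to skip are assumptions.

```python
import re

# Excerpt of the report above (wrapped lines rejoined, stacks trimmed).
REPORT = """\
READ of size 8 at 0x6160000fa790 thread T0
    #0 0x79a08f in nfa_regmatch src/regexp_nfa.c:5505
0x6160000fa790 is located 528 bytes inside of 640-byte region [0x6160000fa580,0x6160000fa800)
freed by thread T0 here:
    #0 0x7f93731c553f in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5753f)
    #1 0x6728d3 in vim_free src/misc2.c:1741
    #2 0x7a2730 in nfa_regfree src/regexp_nfa.c:7182
previously allocated by thread T0 here:
    #0 0x7f93731c57b7 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x577b7)
    #1 0x6705fb in lalloc src/misc2.c:921
    #2 0x7a2229 in nfa_regcomp src/regexp_nfa.c:7118
=>0x0c2c800174f0: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
"""

SHADOW_OFFSET = 0x7FFF8000  # assumption: default ASan mapping on x86-64 Linux
WRAPPERS = ("__interceptor_", "vim_free", "lalloc")  # assumption: allocator plumbing
FRAME = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
LOCATED = re.compile(r"(0x[0-9a-f]+) is located (\d+) bytes inside of (\d+)-byte "
                     r"region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
SECTIONS = {"READ of size": "access", "WRITE of size": "access",
            "freed by": "free", "previously allocated by": "alloc"}

def shadow_addr(addr):  # one shadow byte covers 8 application bytes
    return (addr >> 3) + SHADOW_OFFSET

def triage(report):
    out, section = {}, None
    for line in report.splitlines():
        for prefix, name in SECTIONS.items():
            if line.startswith(prefix):
                section = name
        m = FRAME.match(line)
        if m and section and section not in out and not m.group(1).startswith(WRAPPERS):
            out[section] = m.group(1) + " " + m.group(2)  # first meaningful frame
        m = LOCATED.match(line)
        if m:
            out["addr"], lo, hi = (int(m.group(i), 16) for i in (1, 4, 5))
            out["region_consistent"] = (out["addr"] - lo, hi - lo) == (int(m.group(2)), int(m.group(3)))
        m = re.match(r"=>0x([0-9a-f]+): (.*)", line)
        if m:  # the bracketed byte marks the shadow cell of the faulting address
            index = len(m.group(2).split("[")[0].split())
            out["shadow_hit"] = int(m.group(1), 16) + index
            out["shadow_byte"] = re.search(r"\[(\w\w)\]", m.group(2)).group(1)
    return out

print(triage(REPORT))
```

The three extracted frames give the lifetime of the block at a glance: allocated under `nfa_regcomp`, released under `nfa_regfree`, then read in `nfa_regmatch`.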
