Hi

Vim-8.0.779 (and older) built with -DEXITFREE crashes in quickfix.c when doing:

$ vim -u NONE -c'lh[' -clop -c'e#' -c'lh[' -cqa
** Error in `./vim': double free or corruption (!prev): 0x00000000010db700 ***
...
Vim: Caught deadly signal ABRT
00000000 08:11 26223957 /usr/lib/x86_64-linux-gnu/libxkbcommon.so.0.0.0
Vim: Finished.
Aborted (core dumped)

Bug was found using afl-fuzz.

Valgrind report:

==5893== Memcheck, a memory error detector
==5893== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==5893== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==5893== Command: ./vim -u NONE -clh[ -clop -ce# -clh[ -cqa
==5893==
==5893== Invalid read of size 4
==5893==    at 0x573386: ll_free_all (quickfix.c:1417)
==5893==    by 0x573308: qf_free_all (quickfix.c:1437)
==5893==    by 0x516F0A: free_all_mem (misc2.c:1179)
==5893==    by 0x569D0E: mch_exit (os_unix.c:3351)
==5893==    by 0x6A8379: getout (main.c:1548)
==5893==    by 0x49A970: ex_quit_all (ex_docmd.c:7366)
==5893==    by 0x48C6DF: do_one_cmd (ex_docmd.c:2951)
==5893==    by 0x488A15: do_cmdline (ex_docmd.c:1089)
==5893==    by 0x489795: do_cmdline_cmd (ex_docmd.c:689)
==5893==    by 0x6A8411: exe_commands (main.c:2960)
==5893==    by 0x6A6F73: vim_main2 (main.c:805)
==5893==    by 0x6A4A98: main (main.c:419)
==5893==  Address 0x10eb9a70 is 0 bytes inside a block of size 1,056 free'd
==5893==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5893==    by 0x5170BD: vim_free (misc2.c:1793)
==5893==    by 0x5733D6: ll_free_all (quickfix.c:1423)
==5893==    by 0x5732F6: qf_free_all (quickfix.c:1436)
==5893==    by 0x516F0A: free_all_mem (misc2.c:1179)
==5893==    by 0x569D0E: mch_exit (os_unix.c:3351)
==5893==    by 0x6A8379: getout (main.c:1548)
==5893==    by 0x49A970: ex_quit_all (ex_docmd.c:7366)
==5893==    by 0x48C6DF: do_one_cmd (ex_docmd.c:2951)
==5893==    by 0x488A15: do_cmdline (ex_docmd.c:1089)
==5893==    by 0x489795: do_cmdline_cmd (ex_docmd.c:689)
==5893==    by 0x6A8411: exe_commands (main.c:2960)
==5893==  Block was alloc'd at
==5893==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5893==    by 0x51697A: lalloc (misc2.c:942)
==5893==    by 0x516917: alloc (misc2.c:840)
==5893==    by 0x573821: ll_new_list (quickfix.c:1540)
==5893==    by 0x57C381: ex_helpgrep (quickfix.c:5359)
==5893==    by 0x48C6DF: do_one_cmd (ex_docmd.c:2951)
==5893==    by 0x488A15: do_cmdline (ex_docmd.c:1089)
==5893==    by 0x489795: do_cmdline_cmd (ex_docmd.c:689)
==5893==    by 0x6A8411: exe_commands (main.c:2960)
==5893==    by 0x6A6F73: vim_main2 (main.c:805)
==5893==    by 0x6A4A98: main (main.c:419)
...snip more errors after that...

Regards
Dominique
