Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crash with text properties and foldenable #3766

Closed
andymass opened this issue Jan 5, 2019 · 2 comments
Closed

crash with text properties and foldenable #3766

andymass opened this issue Jan 5, 2019 · 2 comments

Comments

@andymass
Copy link

andymass commented Jan 5, 2019

I'm seeing a segfault with the following simple text properties example. It seems to depend on foldmethod=marker or =indent (no crash with manual or when nofoldenable).

Run as: ./src/vim --clean +'source %' propcrash.vim

call prop_type_add('test', {
            \ 'highlight': 'Constant',
            \ 'start_incl': 0,
            \ 'end_incl': 0, })

call prop_add(6, 11, {
            \ 'length': 1,
            \ 'type': 'test'})

set foldenable foldmethod=marker

call cursor(6, 5)
normal! x

Backtrace:

#0  0x00007ffff673cf73 in free () at /usr/lib/libc.so.6
#1  0x00005555556b7307 in vim_free (x=0x555555967d11) at misc2.c:1863
#2  0x000055555569a0b7 in ml_flush_line (buf=0x55555593bfc0) at memline.c:3834
#3  0x000055555569755a in ml_get_buf (buf=0x55555593bfc0, lnum=1, will_change=0) at memline.c:2518
#4  0x00005555556a5a90 in plines_win_nofold (wp=0x555555939ef0, lnum=1) at misc1.c:2185
#5  0x00005555556a5a3a in plines_win_nofill (wp=0x555555939ef0, lnum=1, winheight=1) at misc1.c:2168
#6  0x00005555556be856 in curs_rows (wp=0x555555939ef0) at move.c:752
#7  0x00005555556bef24 in curs_columns (may_scroll=1) at move.c:967
#8  0x00005555556be4fd in validate_cursor () at move.c:658
#9  0x0000555555860a35 in main_loop (cmdwin=0, noexmode=0) at main.c:1247
#10 0x00005555558603d3 in vim_main2 () at main.c:917
#11 0x000055555585fa77 in main (argc=2, argv=0x7fffffffd8c8) at main.c:441
@dpelle
Copy link
Member

dpelle commented Jan 5, 2019

I confirm the bug with-8.1.693. Valgrind gives:

==3080== Memcheck, a memory error detector
==3080== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==3080== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==3080== Command: ./vim --clean +source\ % propcrash.vim
==3080== 
==3080== Invalid free() / delete / delete[] / realloc()
==3080==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3080==    by 0x4BB92B: ml_flush_line (memline.c:3834)
==3080==    by 0x4BC120: ml_get_buf (memline.c:2518)
==3080==    by 0x4C5451: plines_win_nofold (misc1.c:2185)
==3080==    by 0x4C5521: plines_win_nofill (misc1.c:2168)
==3080==    by 0x4D93F4: curs_rows (move.c:752)
==3080==    by 0x4DB404: curs_columns (move.c:967)
==3080==    by 0x60D313: main_loop (main.c:1247)
==3080==    by 0x60E9A9: vim_main2 (main.c:917)
==3080==    by 0x40D041: main (main.c:441)
==3080==  Address 0x9455122 is 3,922 bytes inside a block of size 4,096 alloc'd
==3080==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3080==    by 0x4D23B0: lalloc (misc2.c:982)
==3080==    by 0x60EF80: mf_alloc_bhdr.isra.3 (memfile.c:898)
==3080==    by 0x60FD56: mf_new (memfile.c:379)
==3080==    by 0x4B7FBF: ml_new_data (memline.c:3851)
==3080==    by 0x4BAC8C: ml_open (memline.c:395)
==3080==    by 0x417C17: open_buffer (buffer.c:149)
==3080==    by 0x60E259: create_windows (main.c:2751)
==3080==    by 0x60E259: vim_main2 (main.c:741)
==3080==    by 0x40D041: main (main.c:441)

@brammool
Copy link
Contributor

brammool commented Jan 5, 2019 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dpelle @andymass @brammool