This test exposes a bug (present on current master) in ins_char_bytes()
or somewhere earlier.
Steps to reproduce:

    inoremap <C-D> <Del>
    enew!
    exe "normal a\nabcdefghi\njk\tlmn\n opq rst\n\<C-D>uvwxyz"
    call cursor(1,1)
    exe "normal gR0\<C-D> 1\nA\nBCDEFGHIJ\n\tKL\nMNO\nPQR"

or run `TEST_FILE=test_visual.res make oldtest`.
Executing Test_virtual_replace()
2 buffers wiped out
=================================================================
==31341==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000c4f34 at pc 0x0000004f7971 bp 0x7ffdf87bb190 sp 0x7ffdf87ba940
WRITE of size 1 at 0x6020000c4f34 thread T0
0 0x4f7970 in __asan_memmove (/home/vagrant/neovim/build/bin/nvim+0x4f7970)
1 0xfde7a3 in ins_char_bytes /home/vagrant/neovim/build/../src/nvim/misc1.c:1488:3
2 0xfdef41 in ins_char /home/vagrant/neovim/build/../src/nvim/misc1.c:1403:3
3 0x79dd03 in insertchar /home/vagrant/neovim/build/../src/nvim/edit.c:5285:7
4 0x7be70f in insert_special /home/vagrant/neovim/build/../src/nvim/edit.c:5071:5
5 0x7bd94a in insert_handle_key /home/vagrant/neovim/build/../src/nvim/edit.c:1229:7
6 0x76df14 in insert_execute /home/vagrant/neovim/build/../src/nvim/edit.c:764:10
7 0x173cda9 in state_enter /home/vagrant/neovim/build/../src/nvim/state.c:67:26
8 0x77601d in insert_enter /home/vagrant/neovim/build/../src/nvim/edit.c:458:5
9 0x76986e in edit /home/vagrant/neovim/build/../src/nvim/edit.c:1327:3
10 0x1118661 in invoke_edit /home/vagrant/neovim/build/../src/nvim/normal.c:7591:7
11 0x10e60bc in nv_Replace /home/vagrant/neovim/build/../src/nvim/normal.c:6070:7
12 0x10f235d in nv_g_cmd /home/vagrant/neovim/build/../src/nvim/normal.c:6541:5
13 0x10c0eaa in normal_execute /home/vagrant/neovim/build/../src/nvim/normal.c:1136:3
14 0x10b8444 in normal_cmd /home/vagrant/neovim/build/../src/nvim/normal.c:7995:9
15 0xb80982 in exec_normal /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:8197:5
16 0xb8065b in exec_normal_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:8180:3
17 0xbb08df in ex_normal /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:8098:7
18 0xb4ba9c in do_one_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:2242:5
19 0xb2dd03 in do_cmdline /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:609:20
20 0x8646b1 in ex_execute /home/vagrant/neovim/build/../src/nvim/eval.c:19478:7
21 0xb4ba9c in do_one_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:2242:5
22 0xb2dd03 in do_cmdline /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:609:20
23 0x845302 in call_user_func /home/vagrant/neovim/build/../src/nvim/eval.c:21332:3
24 0x81097b in call_func /home/vagrant/neovim/build/../src/nvim/eval.c:6358:11
25 0x825778 in get_func_tv /home/vagrant/neovim/build/../src/nvim/eval.c:6120:11
26 0x81e361 in ex_call /home/vagrant/neovim/build/../src/nvim/eval.c:2735:9
27 0xb4ba9c in do_one_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:2242:5
28 0xb2dd03 in do_cmdline /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:609:20
29 0x8646b1 in ex_execute /home/vagrant/neovim/build/../src/nvim/eval.c:19478:7
30 0xb4ba9c in do_one_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:2242:5
31 0xb2dd03 in do_cmdline /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:609:20
32 0x845302 in call_user_func /home/vagrant/neovim/build/../src/nvim/eval.c:21332:3
33 0x81097b in call_func /home/vagrant/neovim/build/../src/nvim/eval.c:6358:11
34 0x825778 in get_func_tv /home/vagrant/neovim/build/../src/nvim/eval.c:6120:11
35 0x81e361 in ex_call /home/vagrant/neovim/build/../src/nvim/eval.c:2735:9
36 0xb4ba9c in do_one_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:2242:5
37 0xb2dd03 in do_cmdline /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:609:20
38 0xb17fdd in do_source /home/vagrant/neovim/build/../src/nvim/ex_cmds2.c:2973:3
39 0xb14630 in cmd_source /home/vagrant/neovim/build/../src/nvim/ex_cmds2.c:2718:14
40 0xb14727 in ex_source /home/vagrant/neovim/build/../src/nvim/ex_cmds2.c:2699:3
41 0xb4ba9c in do_one_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:2242:5
42 0xb2dd03 in do_cmdline /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:609:20
43 0xb34015 in do_cmdline_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:280:10
44 0xe829d3 in exe_commands /home/vagrant/neovim/build/../src/nvim/main.c:1702:5
45 0xe708bd in main /home/vagrant/neovim/build/../src/nvim/main.c:524:5
46 0x7f0012a7782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
47 0x44d628 in _start (/home/vagrant/neovim/build/bin/nvim+0x44d628)
0x6020000c4f34 is located 0 bytes to the right of 4-byte region [0x6020000c4f30,0x6020000c4f34)
allocated by thread T0 here:
0 0x50e128 in malloc (/home/vagrant/neovim/build/bin/nvim+0x50e128)
1 0xf7d871 in try_malloc /home/vagrant/neovim/build/../src/nvim/memory.c:87:15
2 0xf7da99 in xmalloc /home/vagrant/neovim/build/../src/nvim/memory.c:121:15
3 0xfde3c7 in ins_char_bytes /home/vagrant/neovim/build/../src/nvim/misc1.c:1473:18
4 0xfdef41 in ins_char /home/vagrant/neovim/build/../src/nvim/misc1.c:1403:3
5 0x79dd03 in insertchar /home/vagrant/neovim/build/../src/nvim/edit.c:5285:7
6 0x7be70f in insert_special /home/vagrant/neovim/build/../src/nvim/edit.c:5071:5
7 0x7bd94a in insert_handle_key /home/vagrant/neovim/build/../src/nvim/edit.c:1229:7
8 0x76df14 in insert_execute /home/vagrant/neovim/build/../src/nvim/edit.c:764:10
9 0x173cda9 in state_enter /home/vagrant/neovim/build/../src/nvim/state.c:67:26
10 0x77601d in insert_enter /home/vagrant/neovim/build/../src/nvim/edit.c:458:5
11 0x76986e in edit /home/vagrant/neovim/build/../src/nvim/edit.c:1327:3
12 0x1118661 in invoke_edit /home/vagrant/neovim/build/../src/nvim/normal.c:7591:7
13 0x10e60bc in nv_Replace /home/vagrant/neovim/build/../src/nvim/normal.c:6070:7
14 0x10f235d in nv_g_cmd /home/vagrant/neovim/build/../src/nvim/normal.c:6541:5
15 0x10c0eaa in normal_execute /home/vagrant/neovim/build/../src/nvim/normal.c:1136:3
16 0x10b8444 in normal_cmd /home/vagrant/neovim/build/../src/nvim/normal.c:7995:9
17 0xb80982 in exec_normal /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:8197:5
18 0xb8065b in exec_normal_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:8180:3
19 0xbb08df in ex_normal /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:8098:7
20 0xb4ba9c in do_one_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:2242:5
21 0xb2dd03 in do_cmdline /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:609:20
22 0x8646b1 in ex_execute /home/vagrant/neovim/build/../src/nvim/eval.c:19478:7
23 0xb4ba9c in do_one_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:2242:5
24 0xb2dd03 in do_cmdline /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:609:20
25 0x845302 in call_user_func /home/vagrant/neovim/build/../src/nvim/eval.c:21332:3
26 0x81097b in call_func /home/vagrant/neovim/build/../src/nvim/eval.c:6358:11
27 0x825778 in get_func_tv /home/vagrant/neovim/build/../src/nvim/eval.c:6120:11
28 0x81e361 in ex_call /home/vagrant/neovim/build/../src/nvim/eval.c:2735:9
29 0xb4ba9c in do_one_cmd /home/vagrant/neovim/build/../src/nvim/ex_docmd.c:2242:5
SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/vagrant/neovim/build/bin/nvim+0x4f7970) in __asan_memmove
==31341==ABORTING
Problem: Invalid memory access in read_redo(). (gy741)
Solution: Convert the replacement character back from a negative number to
CR or NL. (hint by Dominique Pelle, closes vim/vim#2616)
f12519dec8
Test_edit_08() depends on special-case handling in has_compl_option()
and redrawing() which are in Vim but are not wanted in Nvim. Using a Lua
test instead of depending on workarounds in the core to make the VimL
test work.
Problem: Still interference between test functions.
Solution: Clear autocommands. Wipe all buffers. Fix tests that depend on a
specific start context.
cf1ba35fc2
Problem: The conf filetype detection is done before ftdetect scripts from
packages that are added later.
Solution: Add the FALLBACK argument to :setfiletype. (closes vim/vim#1679,
closes vim/vim#1693)
3e54569b17
Problem: When typing a search pattern CTRL-G and CTRL-T are ignored when
there is typeahead.
Solution: Don't pass SEARCH_PEEK and don't call char_avail(). (haya14busa,
closes vim/vim#2233)
f8e8c0643b
Problem: :argadd without argument can't handle space in file name. (Harm te
Hennepe)
Solution: Escape the space. (Yasuhiro Matsumoto, closes vim/vim#1917)
398ee7326b
Problem: Using ":%argdel" while the argument list is already empty gives an
error. (Pavol Juhas)
Solution: Don't give an error. (closes vim/vim#1546)
69a92fb5ae
Also:
vim-patch:8.0.0473
We have a ported Lua version, but we should also keep the Vim version
around to make merging easier.
---
vim-patch:8.0.0723: arglist test fails if file name case is ignored
Problem: Arglist test fails if file name case is ignored.
Solution: Wipe existing buffers, check for fname_case property.
9b50bba643
Problem: Segfault with QuitPre autocommand closes the window. (Marek)
Solution: Check that the window pointer is still valid. (Christian Brabandt,
closes vim/vim#1817)
0ea5070d79
Problem: Crash with nasty autocommand. (gy741, Dominique Pelle)
Solution: Check that the new current buffer isn't wiped out. (closes vim/vim#2447)
9bca805ec4
Problem: Crash when closing the quickfix window in a FileType autocommand
that triggers when the quickfix window is opened.
Solution: Save the new value before triggering the OptionSet autocommand.
Add the "starting" flag to test_override() to make the test work.
182a17b1e8
Problem: The OptionSet autocommand event is not triggered when entering
diff mode.
Solution: use set_option_value() instead of setting the option directly.
Change the tests from old to new style. (Christian Brabandt)
04f62f881c
Problem: Still quite a few old style tests.
Solution: Convert old to new style tests. (Yegappan Lakshmanan)
Avoid ringing the bell while running tests.
4a6fcf8047
Problem: When a test fails and test.log is created, Test_edit_CTRL_I
matches it instead of test1.in.
Solution: Match with runtest.vim instead.
c537947100
Problem: Still many old style tests.
Solution: Convert several tests to new style. (Yegappan Lakshmanan)
4a137b4586
vim-patch:8.0.0862: file size test fails on MS-Windows
Problem: File size test fails on MS-Windows.
Solution: Set fileformat after opening new buffer. Strip CR.
07c043af5f
Problem: Using a text object to select quoted text fails when 'selection'
is set to "exclusive". (Guraga)
Solution: Swap cursor and visual start position. (Christian Brabandt,
closes vim/vim#1687)
c5e2b040b4
Problem: The ~ character is not escaped when adding to the search pattern
with CTRL-L. (Ramel Eshed)
Solution: Escape the character. (Christian Brabandt)
a693d0584b
Make HlAttr contain highlighting state for both color modes (cterm and rgb).
This allows us to implement termguicolors completely in the TUI.
Simplify some logic duplicated between ui.c and screen.c. Also avoid
some superfluous highlighting reset events.
Problem: Searchpair() might return an invalid value on timeout.
Solution: When the second search times out, do not accept a match from the
first search. (Daniel Hahler, closes vim/vim#2552)
9d32276b52