You are viewing an historical archive of past issues. Please report new issues to the appropriate project issue tracker on GitHub.

Bug #2054: segfault in recursive_match

Kind bug
Product Command-T
When
Status closed
Reporter Marius Gedminas
Tags no tags

Description

I launch vim in my home directory, hit \t, and it segfaults.

Running under gdb I get this:

Program received signal SIGSEGV, Segmentation fault.                  
CommandTMatch_initialize (argc=<optimized out>, argv=<optimized out>, 
    self=12729560) at match.c:163
163	                if (c == '.' && (i == 0 || m.str_p[i - 1] == '/'))

(gdb) bt
#0  CommandTMatch_initialize (argc=<optimized out>, argv=<optimized out>, 
    self=12729560) at match.c:163
#1  0x00007ffff4323fe2 in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#2  0x00007ffff4274800 in rb_class_new_instance ()
   from /usr/lib/libruby-1.9.1.so.1.9
#3  0x00007ffff4323fe2 in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#4  0x00007ffff4325aa0 in rb_funcall () from /usr/lib/libruby-1.9.1.so.1.9
#5  0x00007fffea148a1e in CommandTMatcher_matches_for (self=<optimized out>, 
    abbrev=12077440) at matcher.c:159
#6  0x00007fffea148b2f in CommandTMatcher_sorted_matches_for (self=11968760, 
    abbrev=11311760, options=<optimized out>) at matcher.c:105
#7  0x00007ffff4327b1b in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#8  0x00007ffff431d989 in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#9  0x00007ffff4323014 in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#10 0x00007ffff4323453 in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#11 0x00007ffff423476d in rb_protect () from /usr/lib/libruby-1.9.1.so.1.9
#12 0x00000000005acae8 in ex_ruby ()
#13 0x000000000048e644 in do_cmdline ()
#14 0x0000000000465c6d in call_user_func ()
#15 0x0000000000466696 in call_func ()
#16 0x000000000046a798 in get_func_tv ()
#17 0x000000000046e1fc in ex_call ()
#18 0x000000000048e644 in do_cmdline ()
#19 0x0000000000433818 in do_ucmd ()
#20 0x0000000000490859 in do_cmdline ()
#21 0x00000000004f79de in nv_colon ()
#22 0x00000000004fde50 in normal_cmd ()
#23 0x00000000005b507d in main_loop ()
#24 0x0000000000435b47 in main ()

I've vim 7.3.782 (built from sources), ruby 1.9.1 (from Ubuntu 12.10) and latest command-t.vim (git describe calls it '1.4-8-g07087e1').

This is not 100% reproducible -- initially I got an error message about invalid UTF-8 byte sequence, an empty command-t window, and :q gives me a segfault in 

#0  recursive_match (m=0x7fffffffbcd0, str_idx=0, abbrev_idx=0, last_idx=0, 
    score=0) at match.c:53
#1  0x00007fffea148602 in CommandTMatch_initialize (argc=<optimized out>, 
    argv=<optimized out>, self=11405280) at match.c:172
#2  0x00007ffff4323fe2 in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#3  0x00007ffff4274800 in rb_class_new_instance ()
   from /usr/lib/libruby-1.9.1.so.1.9
#4  0x00007ffff4323fe2 in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#5  0x00007ffff4325aa0 in rb_funcall () from /usr/lib/libruby-1.9.1.so.1.9
#6  0x00007fffea148a1e in CommandTMatcher_matches_for (self=<optimized out>, 
    abbrev=11405320) at matcher.c:159
#7  0x00007fffea148b2f in CommandTMatcher_sorted_matches_for (self=11953680, 
    abbrev=11409720, options=<optimized out>) at matcher.c:105
#8  0x00007ffff4327b1b in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#9  0x00007ffff431d989 in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#10 0x00007ffff4323014 in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#11 0x00007ffff4323453 in ?? () from /usr/lib/libruby-1.9.1.so.1.9
#12 0x00007ffff423476d in rb_protect () from /usr/lib/libruby-1.9.1.so.1.9
#13 0x00000000005acae8 in ex_ruby ()
#14 0x000000000048e644 in do_cmdline ()
#15 0x0000000000465c6d in call_user_func ()
#16 0x0000000000466696 in call_func ()
#17 0x000000000046a798 in get_func_tv ()
#18 0x000000000046e1fc in ex_call ()
#19 0x000000000048e644 in do_cmdline ()
#20 0x00000000004f79de in nv_colon ()
#21 0x00000000004fde50 in normal_cmd ()
#22 0x00000000005b507d in main_loop ()
#23 0x0000000000435b47 in main ()

Comments

  1. Marius Gedminas

    I've removed and rebuilt command-t's ext.so, to avoid misundestandings, and reproduced the segfault in an empty directory with a single file named 'a'. Here's the traceback (this time with ruby's debug symbols too): 

    Program received signal SIGSEGV, Segmentation fault.
CommandTMatcher_matches_for (self=<optimized out>, abbrev=13612280)
    at matcher.c:158
158	        VALUE path = RARRAY_PTR(paths)[i];
(gdb) bt
#0  CommandTMatcher_matches_for (self=<optimized out>, abbrev=13612280)
    at matcher.c:158
#1  0x00007fffe1d81c1f in CommandTMatcher_sorted_matches_for (self=13504000, 
    abbrev=12845960, options=<optimized out>) at matcher.c:105
#2  0x00007ffff4327b1b in vm_call_cfunc (me=0xebd090, blockptr=0x0, 
    recv=<optimized out>, num=2, reg_cfp=0x7fffe248ad50, th=0xaf7580)
    at vm_insnhelper.c:404
#3  vm_call_method (th=th@entry=0xaf7580, cfp=cfp@entry=0x7fffe248ad50, num=2, 
    blockptr=0x0, flag=<optimized out>, id=<optimized out>, me=0xebd090, 
    recv=13504000) at vm_insnhelper.c:534
#4  0x00007ffff431d989 in vm_exec_core (th=th@entry=0xaf7580, 
    initial=initial@entry=0) at insns.def:1015
#5  0x00007ffff4323014 in vm_exec (th=th@entry=0xaf7580) at vm.c:1220
#6  0x00007ffff4323453 in eval_string_with_cref (self=11912520, src=13507920, 
    scope=4, cref=0x0, file=0x7ffff435ea39 "(eval)", line=0) at vm_eval.c:1050
#7  0x00007ffff423476d in rb_protect (proc=0x7ffff4323980 <rb_eval_string>, 
    data=18461257, state=0x7fffffffbe6c) at eval.c:719
#8  0x00000000005acae8 in ex_ruby ()
#9  0x000000000048e644 in do_cmdline ()
#10 0x0000000000465c6d in call_user_func ()
#11 0x0000000000466696 in call_func ()
#12 0x000000000046a798 in get_func_tv ()
#13 0x000000000046e1fc in ex_call ()
#14 0x000000000048e644 in do_cmdline ()
#15 0x0000000000433818 in do_ucmd ()
#16 0x0000000000490859 in do_cmdline ()
#17 0x00000000004f79de in nv_colon ()
#18 0x00000000004fde50 in normal_cmd ()
#19 0x00000000005b507d in main_loop ()
#20 0x0000000000435b47 in main ()
  2. Marius Gedminas

    Never mind, I'm an idiot.

    I rm'ed ext.so, but forgot to rm *.o. Really rebuilding the extension module made the segfault go away.

    I'm sorry for wasting your time! I'll go find a brown paper bag.

  3. Greg Hurrell

    'twas a good bug report. I expect the most likely explanation was a mismatch in Ruby versions; when you recompiled it, you likely eliminated the mismatch.

  4. Greg Hurrell

    Status changed:

    • From: new
    • To: closed
Add a comment

Comments are now closed for this issue.

Menu