Skip to content

Use neovim versions of ~/.vim and ~/.vimrc #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Use neovim versions of ~/.vim and ~/.vimrc #44

wants to merge 1 commit into from

Conversation

wellle
Copy link
Contributor

@wellle wellle commented Feb 22, 2014

Rename the following files and directories:

~/.vim     → ~/.neovim
~/.vimrc   → ~/.neovimrc
~/.gvimrc  → ~/.neogvimrc
~/.viminfo → ~/.neoviminfo

Close #26.

@Coornail
Copy link
Contributor

Maybe we want to fall back to the original files in case the neo* files are missing.

What do you think?

@jdiez17
Copy link
Contributor

jdiez17 commented Feb 22, 2014

Agreed, there should be a fallback.

@wlhlm
Copy link

wlhlm commented Feb 22, 2014

How about using n* instead of neo* to have more concise names?

@felipecrv
Copy link
Contributor

Falling back to original files complicates things way too much. Instead of implementing the fallback we would be better off not even considering ~/.neovim files and just stick to the original names.

Imagine how puzzled the user will be if the ~/.vimrc configuration stops working just because an empty ~/.neovimrc was created.

The user can always symlink ~/.neovim to ~/.vim if it works for him.

@sbeckeriv
Copy link
Contributor

Is there a way to push this in to the build or is that a bad idea? Have the default build script default to neovim and a release build that uses vim?

@Coornail
Copy link
Contributor

I would prefer having one .vimrc in my dotfiles and both vim and neovim could pick it up (as it does now).

@wellle
Copy link
Contributor Author

wellle commented Feb 22, 2014

Falling back sounds like a good idea, but I agree that it would complicate matters.

If we are going to add settings and constructs to neovim that are not available in Vim, using the same configuration files will result in conflicts. So it might be a good idea to have this separation right from the start.

And if you don't want to have that separation you could still symlink ~/.neovim to ~/.vim.

I would also be fine with ~/.nvim instead of ~/.neovim.

On a more general note, are we planning to rename the executable at some point to avoid confusion with Vim?

@ekosz
Copy link

ekosz commented Feb 22, 2014

If the goal of neovim is to be a replacement for vim, it should be able to work off of the same vimrc. I don't think it should work off of a separate configuration file.

@wellle
Copy link
Contributor Author

wellle commented Feb 22, 2014

But isn't it also a goal to refactor it so it becomes easier to implement new features that are hard to add to Vim? Job control and the new plugin architecture are likely to introduce knobs that won't work in Vim.

@sethwoodworth
Copy link
Contributor

There are decent conventions to conditionally configure plugins based on if they have loaded or not. Typically:

if (exists(":TagbarToggle"))
    let g:airline#extensions#tabline#enabled = 1 
en

I prefer (for now) a convention for people adding neovim specific config files of if (exists(":neovim")) blocks. I think this will ease development.

@0X1A
Copy link

0X1A commented Feb 22, 2014

I guess the question is whether neovim is really a replacement or a new implementation?

@benbarbour
Copy link

👍 @wellle. There's always -u and changing the runtimepath if you want to run both vim and neovim at the same time with different settings (which I imagine will be very desirable during testing neovim!), but keeping them separate just seems cleaner. Especially considering the strong possibility of neovim specific settings. Even if they're separate, it would be trivial to symlink them, or I would think .nvimrc could even source .vimrc, if desired.

It's not like changing the defaults paths will be very hard at any point in the project though.

@ShaneDelmore
Copy link

I agree with sethwoodworth, an environment variable allowing a conditional neovim block to run is an easier way to handle this.

@sbeckeriv
Copy link
Contributor

@Peregrinati testing and development was my main thoughts when I requested this change #26 (comment)

@0X1A I understand it will be a replacement. I think a build for release would use vim vs noevim.

Will new features in this code base need exists(":neovim") code? Plugins/shared code will need it for sure.

@jmkogut
Copy link

jmkogut commented Feb 23, 2014

@sethwoodworth I agree with you completely, let's use the original configuration files and set a global "is_neovim" or whatever.

@afh
Copy link
Contributor

afh commented Feb 23, 2014

👍 on @sethwoodworth proposal for if (exists(":neovim"))

@Olivia5k
Copy link

exists(":neovim") implies that there is a command called neovim (invoked as :neovim). Instead, neovim should define a feature and use has(). See :he has() and :he feature-list.

jdiez17 added a commit to jdiez17/neovim that referenced this pull request Feb 23, 2014
@jdiez17
Added 'neovim' to the feature list, following discussion on neovim#44
2ab7272
jdiez17 added a commit to jdiez17/neovim that referenced this pull request Feb 23, 2014
@jdiez17
Added 'neovim' to the feature list, following discussion on neovim#44
32ecf47
jdiez17 added a commit to jdiez17/neovim that referenced this pull request Feb 23, 2014
@jdiez17
Added 'neovim' to the feature list, following discussion on neovim#44
da2906f
@tarruda
Copy link
Member

tarruda commented Feb 24, 2014

Merged, thanks

@tarruda tarruda closed this Feb 24, 2014
@tarruda tarruda mentioned this pull request Feb 24, 2014
Closed
@wellle wellle deleted the neovim_files branch February 24, 2014 17:21
ashleyh added a commit that referenced this pull request Feb 24, 2014
@ashleyh
Merge pull request #79 from jdiez17/has_neovim
eedb6a3 
Added 'neovim' to the feature list, following discussion on #44
cepko33 pushed a commit to cepko33/neovim that referenced this pull request Feb 27, 2014
@jdiez17
Added 'neovim' to the feature list, following discussion on neovim#44
e7ba721
cepko33 pushed a commit to cepko33/neovim that referenced this pull request Feb 27, 2014
@ashleyh
Merge pull request neovim#79 from jdiez17/has_neovim
8c7c56a 
Added 'neovim' to the feature list, following discussion on neovim#44
@justinmk justinmk mentioned this pull request Mar 1, 2014
Closed
@blueyed blueyed mentioned this pull request Feb 7, 2017
Merged
justinmk pushed a commit to justinmk/neovim that referenced this pull request Feb 11, 2017
@ZyX-I @justinmk
eval/typval_encode: Restore original copyID
09da6cb 
Does not actually matter for most uses, but critical for mark&sweep garbage
collector.

Closes neovim#5234
Closes neovim#5774
Closes neovim#5817
Closes neovim#5883
Closes neovim#5934
Closes neovim#5970
Closes neovim#5548

Helped-by: James McCoy <jamessan@jamessan.com>
Helped-by: Tommy Allen <tommy@esdf.io>
Helped-by: Justin M. Keyes <justinkz@gmail.com>

Sample backtrace showing dv_copyID being overwritten by clear_tv, which
allows it to be collected by garbage_collect .. free_unref_items:

    Old value = 152911
    New value = 152912
    0x00000000004938e5 in encode_vim_to_nothing (ignored=0x7fb6348f3b20, top_tv=0x7fb6348f3b20, objname=0x6d62e9 "clear_tv argument") at ../src/nvim/eval/typval_encode.c.h:641
    641               cur_mpsv->data.d.dict->dv_copyID = copyID - 1;
    (rr) bt
    #0  0x00000000004938e5 in encode_vim_to_nothing (ignored=0x7fb6348f3b20, top_tv=0x7fb6348f3b20, objname=0x6d62e9 "clear_tv argument") at ../src/nvim/eval/typval_encode.c.h:641
    #1  0x0000000000485dee in clear_tv (varp=0x7fb6348f3b20) at /home/foo/src/github.com/neovim/src/nvim/eval.c:19876
    #2  0x0000000000494e5e in vars_clear_ext (ht=0x7fb634351460, free_val=1) at /home/foo/src/github.com/neovim/src/nvim/eval.c:20378
    #3  0x0000000000494dca in vars_clear (ht=0x7fb634351460) at /home/foo/src/github.com/neovim/src/nvim/eval.c:20355
    #4  0x000000000048efa3 in free_funccal (fc=0x7fb634351200, free_val=0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:22927
    #5  0x0000000000491d8f in call_user_func (fp=0x7fb6340ae4e0, argcount=0, argvars=0x7ffdd216a050, rettv=0x7ffdd216a2b0, firstline=2, lastline=2, selfdict=0x0)
        at /home/foo/src/github.com/neovim/src/nvim/eval.c:22818
    #6  0x00000000004873a4 in call_func (funcname=0x7fb6348ba3e0 "vimfiler#view#_redraw_screen", len=28, rettv=0x7ffdd216a2b0, argcount_in=0, argvars_in=0x7ffdd216a050, argv_func=0x0, firstline=2,
        lastline=2, doesrange=0x7ffdd216a2ac, evaluate=true, partial=0x0, selfdict_in=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7687
    neovim#7  0x000000000048a6f0 in get_func_tv (name=0x7fb6348ba3e0 "vimfiler#view#_redraw_screen", len=28, rettv=0x7ffdd216a2b0, arg=0x7ffdd216a2c8, firstline=2, lastline=2, doesrange=0x7ffdd216a2ac,
        evaluate=1, partial=0x0, selfdict=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7459
    neovim#8  0x0000000000489691 in ex_call (eap=0x7ffdd216a598) at /home/foo/src/github.com/neovim/src/nvim/eval.c:2817
    neovim#9  0x00000000004fae46 in do_one_cmd (cmdlinep=0x7ffdd216a878, flags=7, cstack=0x7ffdd216a880, fgetline=0x4f7c30 <get_loop_line>, cookie=0x7ffdd216a7f8)
        at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198
    neovim#10 0x00000000004f6ae3 in do_cmdline (cmdline=0x0, fgetline=0x499f50 <get_func_line>, cookie=0x7fb634350800, flags=7) at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601
    neovim#11 0x00000000004918c0 in call_user_func (fp=0x7fb6340ae6a0, argcount=0, argvars=0x7ffdd216b6d0, rettv=0x7ffdd216b930, firstline=2, lastline=2, selfdict=0x0)
        at /home/foo/src/github.com/neovim/src/nvim/eval.c:22728
    neovim#12 0x00000000004873a4 in call_func (funcname=0x7fb6348f3ee0 "vimfiler#view#_redraw_all_vimfiler", len=34, rettv=0x7ffdd216b930, argcount_in=0, argvars_in=0x7ffdd216b6d0, argv_func=0x0,
        firstline=2, lastline=2, doesrange=0x7ffdd216b92c, evaluate=true, partial=0x0, selfdict_in=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7687
    neovim#13 0x000000000048a6f0 in get_func_tv (name=0x7fb6348f3ee0 "vimfiler#view#_redraw_all_vimfiler", len=34, rettv=0x7ffdd216b930, arg=0x7ffdd216b948, firstline=2, lastline=2, doesrange=0x7ffdd216b92c,
        evaluate=1, partial=0x0, selfdict=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7459
    neovim#14 0x0000000000489691 in ex_call (eap=0x7ffdd216bc18) at /home/foo/src/github.com/neovim/src/nvim/eval.c:2817
    neovim#15 0x00000000004fae46 in do_one_cmd (cmdlinep=0x7ffdd216bef8, flags=7, cstack=0x7ffdd216bf00, fgetline=0x539820 <getnextac>, cookie=0x7ffdd216c508)
        at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198
    neovim#16 0x00000000004f6ae3 in do_cmdline (cmdline=0x0, fgetline=0x539820 <getnextac>, cookie=0x7ffdd216c508, flags=7) at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601
    neovim#17 0x00000000005390ee in apply_autocmds_group (event=EVENT_VIMRESIZED, fname=0x7fb6348ed2c0 "/home/foo/src/github.com/neovim/build/vimfiler:default", fname_io=0x0, force=false, group=-3,
        buf=0x7fb634858000, eap=0x0) at /home/foo/src/github.com/neovim/src/nvim/fileio.c:6882
    neovim#18 0x000000000052f67c in apply_autocmds (event=EVENT_VIMRESIZED, fname=0x0, fname_io=0x0, force=false, buf=0x7fb634858000) at /home/foo/src/github.com/neovim/src/nvim/fileio.c:6527
    neovim#19 0x0000000000640df2 in screenalloc (doclear=false) at /home/foo/src/github.com/neovim/src/nvim/screen.c:6234
    neovim#20 0x00000000006320d2 in screenclear () at /home/foo/src/github.com/neovim/src/nvim/screen.c:6277
    neovim#21 0x0000000000641edf in screen_resize (width=49, height=56) at /home/foo/src/github.com/neovim/src/nvim/screen.c:7366
    neovim#22 0x00000000006b2d82 in ui_refresh () at /home/foo/src/github.com/neovim/src/nvim/ui.c:175
    neovim#23 0x00000000006b3121 in ui_refresh_event (argv=0x7ffdd216c748) at /home/foo/src/github.com/neovim/src/nvim/ui.c:181
    neovim#24 0x00000000004d8297 in multiqueue_process_events (this=0x7fb634812370) at /home/foo/src/github.com/neovim/src/nvim/event/multiqueue.c:146
    neovim#25 0x00000000004d7616 in loop_poll_events (loop=0x96e900 <main_loop>, ms=-1) at /home/foo/src/github.com/neovim/src/nvim/event/loop.c:56
    neovim#26 0x00000000005eb635 in input_poll (ms=-1) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:326
    neovim#27 0x00000000005ea700 in inbuf_poll (ms=-1) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:348
    neovim#28 0x00000000005ea61d in os_inchar (buf=0x0, maxlen=0, ms=-1, tb_change_cnt=0) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:110
    neovim#29 0x000000000068e0af in state_enter (s=0x7ffdd216c888) at /home/foo/src/github.com/neovim/src/nvim/state.c:49
    neovim#30 0x00000000005ac514 in normal_enter (cmdwin=false, noexmode=false) at /home/foo/src/github.com/neovim/src/nvim/normal.c:463
    neovim#31 0x0000000000565c62 in main (argc=9, argv=0x7ffdd216cc28) at /home/foo/src/github.com/neovim/src/nvim/main.c:540

ASAN trace after provoking the bug with VimFiler:
=================================================================
==8540==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000054748 at pc 0x0000007d1dd8 bp 0x7ffe71be6660 sp 0x7ffe71be6658
READ of size 4 at 0x613000054748 thread T0
    #0 0x7d1dd7 in copy_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:20116:37
    #1 0x87b92c in f_get /home/foo/src/github.com/neovim/src/nvim/eval.c:9895:5
    #2 0x7b35c0 in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7286:11
    #3 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    #4 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15
    #5 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    #6 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    neovim#7 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    neovim#8 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    neovim#9 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    neovim#10 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    neovim#11 0x7abe36 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3494:9
    neovim#12 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9
    neovim#13 0x830cac in ex_return /home/foo/src/github.com/neovim/src/nvim/eval.c:22191:10
    neovim#14 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    neovim#15 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    neovim#16 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    neovim#17 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    neovim#18 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    neovim#19 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15
    neovim#20 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    neovim#21 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    neovim#22 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    neovim#23 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    neovim#24 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    neovim#25 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    neovim#26 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9
    neovim#27 0x7b78f2 in ex_let /home/foo/src/github.com/neovim/src/nvim/eval.c:1479:9
    neovim#28 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    neovim#29 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    neovim#30 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    neovim#31 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    neovim#32 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    neovim#33 0x7c1d3d in ex_call /home/foo/src/github.com/neovim/src/nvim/eval.c:2843:9
    neovim#34 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    neovim#35 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    neovim#36 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    neovim#37 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    neovim#38 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    neovim#39 0x7c1d3d in ex_call /home/foo/src/github.com/neovim/src/nvim/eval.c:2843:9
    neovim#40 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    neovim#41 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    neovim#42 0xca2918 in apply_autocmds_group /home/foo/src/github.com/neovim/src/nvim/fileio.c:6882:5
    neovim#43 0xc6c446 in apply_autocmds /home/foo/src/github.com/neovim/src/nvim/fileio.c:6527:10
    neovim#44 0x140f374 in screenalloc /home/foo/src/github.com/neovim/src/nvim/screen.c:6234:5
    neovim#45 0x13958d1 in screenclear /home/foo/src/github.com/neovim/src/nvim/screen.c:6277:3
    neovim#46 0x1417573 in screen_resize /home/foo/src/github.com/neovim/src/nvim/screen.c:7366:5
    neovim#47 0x17fb59b in ui_refresh /home/foo/src/github.com/neovim/src/nvim/ui.c:175:3
    neovim#48 0x17fc100 in ui_refresh_event /home/foo/src/github.com/neovim/src/nvim/ui.c:181:3
    neovim#49 0xa05bbf in multiqueue_process_events /home/foo/src/github.com/neovim/src/nvim/event/multiqueue.c:146:7
    neovim#50 0x9ff8b6 in loop_poll_events /home/foo/src/github.com/neovim/src/nvim/event/loop.c:56:3
    neovim#51 0x120d584 in input_poll /home/foo/src/github.com/neovim/src/nvim/os/input.c:326:3
    neovim#52 0x12092ef in inbuf_poll /home/foo/src/github.com/neovim/src/nvim/os/input.c:348:24
    neovim#53 0x1209193 in os_inchar /home/foo/src/github.com/neovim/src/nvim/os/input.c:110:18
    neovim#54 0x16d3615 in state_enter /home/foo/src/github.com/neovim/src/nvim/state.c:49:13
    neovim#55 0x101090b in normal_enter /home/foo/src/github.com/neovim/src/nvim/normal.c:463:3
    neovim#56 0xdd0a82 in main /home/foo/src/github.com/neovim/src/nvim/main.c:542:3
    neovim#57 0x7f3c61df42b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    neovim#58 0x44b959 in _start (/home/foo/src/github.com/neovim/build/bin/nvim+0x44b959)

0x613000054748 is located 8 bytes inside of 352-byte region [0x613000054740,0x6130000548a0)
freed by thread T0 here:
    #0 0x4e9d70 in __interceptor_cfree.localalias.0 (/home/foo/src/github.com/neovim/build/bin/nvim+0x4e9d70)
    #1 0xefa184 in xfree /home/foo/src/github.com/neovim/src/nvim/memory.c:130:3
    #2 0x7e52b5 in dict_free_dict /home/foo/src/github.com/neovim/src/nvim/eval.c:6431:3
    #3 0x7e1e2c in free_unref_items /home/foo/src/github.com/neovim/src/nvim/eval.c:6063:7
    #4 0x7946cd in garbage_collect /home/foo/src/github.com/neovim/src/nvim/eval.c:5985:16
    #5 0xd08f4f in before_blocking /home/foo/src/github.com/neovim/src/nvim/getchar.c:1331:5
    #6 0x1209157 in os_inchar /home/foo/src/github.com/neovim/src/nvim/os/input.c:109:9
    neovim#7 0x16d3615 in state_enter /home/foo/src/github.com/neovim/src/nvim/state.c:49:13
    neovim#8 0x101090b in normal_enter /home/foo/src/github.com/neovim/src/nvim/normal.c:463:3
    neovim#9 0xdd0a82 in main /home/foo/src/github.com/neovim/src/nvim/main.c:542:3
    neovim#10 0x7f3c61df42b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

previously allocated by thread T0 here:
    #0 0x4e9f08 in malloc (/home/foo/src/github.com/neovim/build/bin/nvim+0x4e9f08)
    #1 0xef9ee4 in try_malloc /home/foo/src/github.com/neovim/src/nvim/memory.c:84:15
    #2 0xefa0a4 in xmalloc /home/foo/src/github.com/neovim/src/nvim/memory.c:118:15
    #3 0x78bcc6 in dict_alloc /home/foo/src/github.com/neovim/src/nvim/eval.c:6321:15
    #4 0x86dc02 in get_dict_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:6789:9
    #5 0x865751 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4296:21
    #6 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    neovim#7 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    neovim#8 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    neovim#9 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    neovim#10 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    neovim#11 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    neovim#12 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9
    neovim#13 0x7b78f2 in ex_let /home/foo/src/github.com/neovim/src/nvim/eval.c:1479:9
    neovim#14 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    neovim#15 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    neovim#16 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    neovim#17 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    neovim#18 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    neovim#19 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15
    neovim#20 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    neovim#21 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    neovim#22 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    neovim#23 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    neovim#24 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    neovim#25 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    neovim#26 0x93f89a in filter_map_one /home/foo/src/github.com/neovim/src/nvim/eval.c:9398:7
    neovim#27 0x93f33a in filter_map /home/foo/src/github.com/neovim/src/nvim/eval.c:9372:13
    neovim#28 0x8ceb57 in f_map /home/foo/src/github.com/neovim/src/nvim/eval.c:12900:3
    neovim#29 0x7b35c0 in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7286:11

SUMMARY: AddressSanitizer: heap-use-after-free /home/foo/src/github.com/neovim/src/nvim/eval.c:20116:37 in copy_tv
Shadow bytes around the buggy address:
  0x0c2680002890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800028a0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c26800028b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800028c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800028d0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
=>0x0c26800028e0: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd
  0x0c26800028f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680002900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680002910: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2680002920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680002930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==8540==ABORTING
justinmk pushed a commit to justinmk/neovim that referenced this pull request Feb 11, 2017
@ZyX-I @justinmk
eval/typval_encode: Restore original copyID
fd9e3c9 
Does not actually matter for most uses, but critical for mark&sweep garbage
collector.

Closes neovim#5234
Closes neovim#5774
Closes neovim#5817
Closes neovim#5883
Closes neovim#5934
Closes neovim#5970
Closes neovim#5548

Helped-by: James McCoy <jamessan@jamessan.com>
Helped-by: Tommy Allen <tommy@esdf.io>
Helped-by: Justin M. Keyes <justinkz@gmail.com>

---

Steps to reproduce:

    Compile fb97457 with:
       CC=clang CFLAGS=" -O0 -g -DEXITFREE " cmake .. -DMIN_LOG_LEVEL=0 -DCMAKE_BUILD_TYPE=Debug -DBUSTED_OUTPUT_TYPE=utf
       -DCMAKE_INSTALL_PREFIX=$PWD/root -DJEMALLOC_USE_BUNDLED=1 -DCLANG_ASAN_UBSAN=ON -DPREFER_LUAJIT=false

    Directory `crash` contains:
    1. unite directory with Shougo/unite.vim@be09b0e
    2. vimfiler directory with Shougo/vimfiler.vim@72c37e8
    3. `init.vim` with a single line which sets `&rtp` to the above two directories (absolute path).

    bin/nvim -u ../crash/init.vim -i NONE --headless -s <(<<< $':split\n:VimFiler\n\C-ww:call garbagecollect()\n\C-w\C-w\C-w')

---

Sample backtrace showing dv_copyID being overwritten by clear_tv, which
allows it to be collected by garbage_collect .. free_unref_items:

    Old value = 152911
    New value = 152912
    0x00000000004938e5 in encode_vim_to_nothing (ignored=0x7fb6348f3b20, top_tv=0x7fb6348f3b20, objname=0x6d62e9 "clear_tv argument") at ../src/nvim/eval/typval_encode.c.h:641
    641               cur_mpsv->data.d.dict->dv_copyID = copyID - 1;
    (rr) bt
    #0  0x00000000004938e5 in encode_vim_to_nothing (ignored=0x7fb6348f3b20, top_tv=0x7fb6348f3b20, objname=0x6d62e9 "clear_tv argument") at ../src/nvim/eval/typval_encode.c.h:641
    #1  0x0000000000485dee in clear_tv (varp=0x7fb6348f3b20) at /home/foo/src/github.com/neovim/src/nvim/eval.c:19876
    #2  0x0000000000494e5e in vars_clear_ext (ht=0x7fb634351460, free_val=1) at /home/foo/src/github.com/neovim/src/nvim/eval.c:20378
    #3  0x0000000000494dca in vars_clear (ht=0x7fb634351460) at /home/foo/src/github.com/neovim/src/nvim/eval.c:20355
    #4  0x000000000048efa3 in free_funccal (fc=0x7fb634351200, free_val=0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:22927
    #5  0x0000000000491d8f in call_user_func (fp=0x7fb6340ae4e0, argcount=0, argvars=0x7ffdd216a050, rettv=0x7ffdd216a2b0, firstline=2, lastline=2, selfdict=0x0)
        at /home/foo/src/github.com/neovim/src/nvim/eval.c:22818
    #6  0x00000000004873a4 in call_func (funcname=0x7fb6348ba3e0 "vimfiler#view#_redraw_screen", len=28, rettv=0x7ffdd216a2b0, argcount_in=0, argvars_in=0x7ffdd216a050, argv_func=0x0, firstline=2,
        lastline=2, doesrange=0x7ffdd216a2ac, evaluate=true, partial=0x0, selfdict_in=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7687
    neovim#7  0x000000000048a6f0 in get_func_tv (name=0x7fb6348ba3e0 "vimfiler#view#_redraw_screen", len=28, rettv=0x7ffdd216a2b0, arg=0x7ffdd216a2c8, firstline=2, lastline=2, doesrange=0x7ffdd216a2ac,
        evaluate=1, partial=0x0, selfdict=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7459
    neovim#8  0x0000000000489691 in ex_call (eap=0x7ffdd216a598) at /home/foo/src/github.com/neovim/src/nvim/eval.c:2817
    neovim#9  0x00000000004fae46 in do_one_cmd (cmdlinep=0x7ffdd216a878, flags=7, cstack=0x7ffdd216a880, fgetline=0x4f7c30 <get_loop_line>, cookie=0x7ffdd216a7f8)
        at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198
    neovim#10 0x00000000004f6ae3 in do_cmdline (cmdline=0x0, fgetline=0x499f50 <get_func_line>, cookie=0x7fb634350800, flags=7) at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601
    neovim#11 0x00000000004918c0 in call_user_func (fp=0x7fb6340ae6a0, argcount=0, argvars=0x7ffdd216b6d0, rettv=0x7ffdd216b930, firstline=2, lastline=2, selfdict=0x0)
        at /home/foo/src/github.com/neovim/src/nvim/eval.c:22728
    neovim#12 0x00000000004873a4 in call_func (funcname=0x7fb6348f3ee0 "vimfiler#view#_redraw_all_vimfiler", len=34, rettv=0x7ffdd216b930, argcount_in=0, argvars_in=0x7ffdd216b6d0, argv_func=0x0,
        firstline=2, lastline=2, doesrange=0x7ffdd216b92c, evaluate=true, partial=0x0, selfdict_in=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7687
    neovim#13 0x000000000048a6f0 in get_func_tv (name=0x7fb6348f3ee0 "vimfiler#view#_redraw_all_vimfiler", len=34, rettv=0x7ffdd216b930, arg=0x7ffdd216b948, firstline=2, lastline=2, doesrange=0x7ffdd216b92c,
        evaluate=1, partial=0x0, selfdict=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7459
    neovim#14 0x0000000000489691 in ex_call (eap=0x7ffdd216bc18) at /home/foo/src/github.com/neovim/src/nvim/eval.c:2817
    neovim#15 0x00000000004fae46 in do_one_cmd (cmdlinep=0x7ffdd216bef8, flags=7, cstack=0x7ffdd216bf00, fgetline=0x539820 <getnextac>, cookie=0x7ffdd216c508)
        at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198
    neovim#16 0x00000000004f6ae3 in do_cmdline (cmdline=0x0, fgetline=0x539820 <getnextac>, cookie=0x7ffdd216c508, flags=7) at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601
    neovim#17 0x00000000005390ee in apply_autocmds_group (event=EVENT_VIMRESIZED, fname=0x7fb6348ed2c0 "/home/foo/src/github.com/neovim/build/vimfiler:default", fname_io=0x0, force=false, group=-3,
        buf=0x7fb634858000, eap=0x0) at /home/foo/src/github.com/neovim/src/nvim/fileio.c:6882
    neovim#18 0x000000000052f67c in apply_autocmds (event=EVENT_VIMRESIZED, fname=0x0, fname_io=0x0, force=false, buf=0x7fb634858000) at /home/foo/src/github.com/neovim/src/nvim/fileio.c:6527
    neovim#19 0x0000000000640df2 in screenalloc (doclear=false) at /home/foo/src/github.com/neovim/src/nvim/screen.c:6234
    neovim#20 0x00000000006320d2 in screenclear () at /home/foo/src/github.com/neovim/src/nvim/screen.c:6277
    neovim#21 0x0000000000641edf in screen_resize (width=49, height=56) at /home/foo/src/github.com/neovim/src/nvim/screen.c:7366
    neovim#22 0x00000000006b2d82 in ui_refresh () at /home/foo/src/github.com/neovim/src/nvim/ui.c:175
    neovim#23 0x00000000006b3121 in ui_refresh_event (argv=0x7ffdd216c748) at /home/foo/src/github.com/neovim/src/nvim/ui.c:181
    neovim#24 0x00000000004d8297 in multiqueue_process_events (this=0x7fb634812370) at /home/foo/src/github.com/neovim/src/nvim/event/multiqueue.c:146
    neovim#25 0x00000000004d7616 in loop_poll_events (loop=0x96e900 <main_loop>, ms=-1) at /home/foo/src/github.com/neovim/src/nvim/event/loop.c:56
    neovim#26 0x00000000005eb635 in input_poll (ms=-1) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:326
    neovim#27 0x00000000005ea700 in inbuf_poll (ms=-1) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:348
    neovim#28 0x00000000005ea61d in os_inchar (buf=0x0, maxlen=0, ms=-1, tb_change_cnt=0) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:110
    neovim#29 0x000000000068e0af in state_enter (s=0x7ffdd216c888) at /home/foo/src/github.com/neovim/src/nvim/state.c:49
    neovim#30 0x00000000005ac514 in normal_enter (cmdwin=false, noexmode=false) at /home/foo/src/github.com/neovim/src/nvim/normal.c:463
    neovim#31 0x0000000000565c62 in main (argc=9, argv=0x7ffdd216cc28) at /home/foo/src/github.com/neovim/src/nvim/main.c:540

---

ASAN trace after provoking the bug with VimFiler:

=================================================================
==8540==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000054748 at pc 0x0000007d1dd8 bp 0x7ffe71be6660 sp 0x7ffe71be6658
READ of size 4 at 0x613000054748 thread T0
    #0 0x7d1dd7 in copy_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:20116:37
    #1 0x87b92c in f_get /home/foo/src/github.com/neovim/src/nvim/eval.c:9895:5
    #2 0x7b35c0 in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7286:11
    #3 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    #4 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15
    #5 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    #6 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    neovim#7 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    neovim#8 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    neovim#9 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    neovim#10 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    neovim#11 0x7abe36 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3494:9
    neovim#12 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9
    neovim#13 0x830cac in ex_return /home/foo/src/github.com/neovim/src/nvim/eval.c:22191:10
    neovim#14 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    neovim#15 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    neovim#16 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    neovim#17 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    neovim#18 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    neovim#19 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15
    neovim#20 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    neovim#21 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    neovim#22 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    neovim#23 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    neovim#24 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    neovim#25 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    neovim#26 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9
    neovim#27 0x7b78f2 in ex_let /home/foo/src/github.com/neovim/src/nvim/eval.c:1479:9
    neovim#28 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    neovim#29 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    neovim#30 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    neovim#31 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    neovim#32 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    neovim#33 0x7c1d3d in ex_call /home/foo/src/github.com/neovim/src/nvim/eval.c:2843:9
    neovim#34 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    neovim#35 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    neovim#36 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    neovim#37 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    neovim#38 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    neovim#39 0x7c1d3d in ex_call /home/foo/src/github.com/neovim/src/nvim/eval.c:2843:9
    neovim#40 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    neovim#41 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    neovim#42 0xca2918 in apply_autocmds_group /home/foo/src/github.com/neovim/src/nvim/fileio.c:6882:5
    neovim#43 0xc6c446 in apply_autocmds /home/foo/src/github.com/neovim/src/nvim/fileio.c:6527:10
    neovim#44 0x140f374 in screenalloc /home/foo/src/github.com/neovim/src/nvim/screen.c:6234:5
    neovim#45 0x13958d1 in screenclear /home/foo/src/github.com/neovim/src/nvim/screen.c:6277:3
    neovim#46 0x1417573 in screen_resize /home/foo/src/github.com/neovim/src/nvim/screen.c:7366:5
    neovim#47 0x17fb59b in ui_refresh /home/foo/src/github.com/neovim/src/nvim/ui.c:175:3
    neovim#48 0x17fc100 in ui_refresh_event /home/foo/src/github.com/neovim/src/nvim/ui.c:181:3
    neovim#49 0xa05bbf in multiqueue_process_events /home/foo/src/github.com/neovim/src/nvim/event/multiqueue.c:146:7
    neovim#50 0x9ff8b6 in loop_poll_events /home/foo/src/github.com/neovim/src/nvim/event/loop.c:56:3
    neovim#51 0x120d584 in input_poll /home/foo/src/github.com/neovim/src/nvim/os/input.c:326:3
    neovim#52 0x12092ef in inbuf_poll /home/foo/src/github.com/neovim/src/nvim/os/input.c:348:24
    neovim#53 0x1209193 in os_inchar /home/foo/src/github.com/neovim/src/nvim/os/input.c:110:18
    neovim#54 0x16d3615 in state_enter /home/foo/src/github.com/neovim/src/nvim/state.c:49:13
    neovim#55 0x101090b in normal_enter /home/foo/src/github.com/neovim/src/nvim/normal.c:463:3
    neovim#56 0xdd0a82 in main /home/foo/src/github.com/neovim/src/nvim/main.c:542:3
    neovim#57 0x7f3c61df42b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    neovim#58 0x44b959 in _start (/home/foo/src/github.com/neovim/build/bin/nvim+0x44b959)

0x613000054748 is located 8 bytes inside of 352-byte region [0x613000054740,0x6130000548a0)
freed by thread T0 here:
    #0 0x4e9d70 in __interceptor_cfree.localalias.0 (/home/foo/src/github.com/neovim/build/bin/nvim+0x4e9d70)
    #1 0xefa184 in xfree /home/foo/src/github.com/neovim/src/nvim/memory.c:130:3
    #2 0x7e52b5 in dict_free_dict /home/foo/src/github.com/neovim/src/nvim/eval.c:6431:3
    #3 0x7e1e2c in free_unref_items /home/foo/src/github.com/neovim/src/nvim/eval.c:6063:7
    #4 0x7946cd in garbage_collect /home/foo/src/github.com/neovim/src/nvim/eval.c:5985:16
    #5 0xd08f4f in before_blocking /home/foo/src/github.com/neovim/src/nvim/getchar.c:1331:5
    #6 0x1209157 in os_inchar /home/foo/src/github.com/neovim/src/nvim/os/input.c:109:9
    neovim#7 0x16d3615 in state_enter /home/foo/src/github.com/neovim/src/nvim/state.c:49:13
    neovim#8 0x101090b in normal_enter /home/foo/src/github.com/neovim/src/nvim/normal.c:463:3
    neovim#9 0xdd0a82 in main /home/foo/src/github.com/neovim/src/nvim/main.c:542:3
    neovim#10 0x7f3c61df42b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

previously allocated by thread T0 here:
    #0 0x4e9f08 in malloc (/home/foo/src/github.com/neovim/build/bin/nvim+0x4e9f08)
    #1 0xef9ee4 in try_malloc /home/foo/src/github.com/neovim/src/nvim/memory.c:84:15
    #2 0xefa0a4 in xmalloc /home/foo/src/github.com/neovim/src/nvim/memory.c:118:15
    #3 0x78bcc6 in dict_alloc /home/foo/src/github.com/neovim/src/nvim/eval.c:6321:15
    #4 0x86dc02 in get_dict_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:6789:9
    #5 0x865751 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4296:21
    #6 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    neovim#7 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    neovim#8 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    neovim#9 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    neovim#10 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    neovim#11 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    neovim#12 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9
    neovim#13 0x7b78f2 in ex_let /home/foo/src/github.com/neovim/src/nvim/eval.c:1479:9
    neovim#14 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    neovim#15 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    neovim#16 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    neovim#17 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    neovim#18 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    neovim#19 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15
    neovim#20 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    neovim#21 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    neovim#22 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    neovim#23 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    neovim#24 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    neovim#25 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    neovim#26 0x93f89a in filter_map_one /home/foo/src/github.com/neovim/src/nvim/eval.c:9398:7
    neovim#27 0x93f33a in filter_map /home/foo/src/github.com/neovim/src/nvim/eval.c:9372:13
    neovim#28 0x8ceb57 in f_map /home/foo/src/github.com/neovim/src/nvim/eval.c:12900:3
    neovim#29 0x7b35c0 in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7286:11

SUMMARY: AddressSanitizer: heap-use-after-free /home/foo/src/github.com/neovim/src/nvim/eval.c:20116:37 in copy_tv
Shadow bytes around the buggy address:
  0x0c2680002890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800028a0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c26800028b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800028c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800028d0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
=>0x0c26800028e0: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd
  0x0c26800028f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680002900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680002910: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2680002920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680002930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==8540==ABORTING
justinmk added a commit that referenced this pull request Feb 11, 2017
@justinmk
eval/typval_encode: Restore original copyID (#6070)
14fc482 
Does not actually matter for most uses, but critical for mark&sweep garbage
collector.

Closes #5234
Closes #5774
Closes #5817
Closes #5883
Closes #5934
Closes #5970
Closes #5548

Helped-by: James McCoy <jamessan@jamessan.com>
Helped-by: Tommy Allen <tommy@esdf.io>
Helped-by: Justin M. Keyes <justinkz@gmail.com>

---

Steps to reproduce:

    Compile fb97457 with:
       CC=clang CFLAGS=" -O0 -g -DEXITFREE " cmake .. -DMIN_LOG_LEVEL=0 -DCMAKE_BUILD_TYPE=Debug -DBUSTED_OUTPUT_TYPE=utf
       -DCMAKE_INSTALL_PREFIX=$PWD/root -DJEMALLOC_USE_BUNDLED=1 -DCLANG_ASAN_UBSAN=ON -DPREFER_LUAJIT=false

    Directory `crash` contains:
    1. unite directory with Shougo/unite.vim@be09b0e
    2. vimfiler directory with Shougo/vimfiler.vim@72c37e8
    3. `init.vim` with a single line which sets `&rtp` to the above two directories (absolute path).

    bin/nvim -u ../crash/init.vim -i NONE --headless -s <(<<< $':split\n:VimFiler\n\C-ww:call garbagecollect()\n\C-w\C-w\C-w')

---

Sample backtrace showing dv_copyID being overwritten by clear_tv, which
allows it to be collected by garbage_collect .. free_unref_items:

    Old value = 152911
    New value = 152912
    0x00000000004938e5 in encode_vim_to_nothing (ignored=0x7fb6348f3b20, top_tv=0x7fb6348f3b20, objname=0x6d62e9 "clear_tv argument") at ../src/nvim/eval/typval_encode.c.h:641
    641               cur_mpsv->data.d.dict->dv_copyID = copyID - 1;
    (rr) bt
    #0  0x00000000004938e5 in encode_vim_to_nothing (ignored=0x7fb6348f3b20, top_tv=0x7fb6348f3b20, objname=0x6d62e9 "clear_tv argument") at ../src/nvim/eval/typval_encode.c.h:641
    #1  0x0000000000485dee in clear_tv (varp=0x7fb6348f3b20) at /home/foo/src/github.com/neovim/src/nvim/eval.c:19876
    #2  0x0000000000494e5e in vars_clear_ext (ht=0x7fb634351460, free_val=1) at /home/foo/src/github.com/neovim/src/nvim/eval.c:20378
    #3  0x0000000000494dca in vars_clear (ht=0x7fb634351460) at /home/foo/src/github.com/neovim/src/nvim/eval.c:20355
    #4  0x000000000048efa3 in free_funccal (fc=0x7fb634351200, free_val=0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:22927
    #5  0x0000000000491d8f in call_user_func (fp=0x7fb6340ae4e0, argcount=0, argvars=0x7ffdd216a050, rettv=0x7ffdd216a2b0, firstline=2, lastline=2, selfdict=0x0)
        at /home/foo/src/github.com/neovim/src/nvim/eval.c:22818
    #6  0x00000000004873a4 in call_func (funcname=0x7fb6348ba3e0 "vimfiler#view#_redraw_screen", len=28, rettv=0x7ffdd216a2b0, argcount_in=0, argvars_in=0x7ffdd216a050, argv_func=0x0, firstline=2,
        lastline=2, doesrange=0x7ffdd216a2ac, evaluate=true, partial=0x0, selfdict_in=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7687
    #7  0x000000000048a6f0 in get_func_tv (name=0x7fb6348ba3e0 "vimfiler#view#_redraw_screen", len=28, rettv=0x7ffdd216a2b0, arg=0x7ffdd216a2c8, firstline=2, lastline=2, doesrange=0x7ffdd216a2ac,
        evaluate=1, partial=0x0, selfdict=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7459
    #8  0x0000000000489691 in ex_call (eap=0x7ffdd216a598) at /home/foo/src/github.com/neovim/src/nvim/eval.c:2817
    #9  0x00000000004fae46 in do_one_cmd (cmdlinep=0x7ffdd216a878, flags=7, cstack=0x7ffdd216a880, fgetline=0x4f7c30 <get_loop_line>, cookie=0x7ffdd216a7f8)
        at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198
    #10 0x00000000004f6ae3 in do_cmdline (cmdline=0x0, fgetline=0x499f50 <get_func_line>, cookie=0x7fb634350800, flags=7) at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601
    #11 0x00000000004918c0 in call_user_func (fp=0x7fb6340ae6a0, argcount=0, argvars=0x7ffdd216b6d0, rettv=0x7ffdd216b930, firstline=2, lastline=2, selfdict=0x0)
        at /home/foo/src/github.com/neovim/src/nvim/eval.c:22728
    #12 0x00000000004873a4 in call_func (funcname=0x7fb6348f3ee0 "vimfiler#view#_redraw_all_vimfiler", len=34, rettv=0x7ffdd216b930, argcount_in=0, argvars_in=0x7ffdd216b6d0, argv_func=0x0,
        firstline=2, lastline=2, doesrange=0x7ffdd216b92c, evaluate=true, partial=0x0, selfdict_in=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7687
    #13 0x000000000048a6f0 in get_func_tv (name=0x7fb6348f3ee0 "vimfiler#view#_redraw_all_vimfiler", len=34, rettv=0x7ffdd216b930, arg=0x7ffdd216b948, firstline=2, lastline=2, doesrange=0x7ffdd216b92c,
        evaluate=1, partial=0x0, selfdict=0x0) at /home/foo/src/github.com/neovim/src/nvim/eval.c:7459
    #14 0x0000000000489691 in ex_call (eap=0x7ffdd216bc18) at /home/foo/src/github.com/neovim/src/nvim/eval.c:2817
    #15 0x00000000004fae46 in do_one_cmd (cmdlinep=0x7ffdd216bef8, flags=7, cstack=0x7ffdd216bf00, fgetline=0x539820 <getnextac>, cookie=0x7ffdd216c508)
        at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198
    #16 0x00000000004f6ae3 in do_cmdline (cmdline=0x0, fgetline=0x539820 <getnextac>, cookie=0x7ffdd216c508, flags=7) at /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601
    #17 0x00000000005390ee in apply_autocmds_group (event=EVENT_VIMRESIZED, fname=0x7fb6348ed2c0 "/home/foo/src/github.com/neovim/build/vimfiler:default", fname_io=0x0, force=false, group=-3,
        buf=0x7fb634858000, eap=0x0) at /home/foo/src/github.com/neovim/src/nvim/fileio.c:6882
    #18 0x000000000052f67c in apply_autocmds (event=EVENT_VIMRESIZED, fname=0x0, fname_io=0x0, force=false, buf=0x7fb634858000) at /home/foo/src/github.com/neovim/src/nvim/fileio.c:6527
    #19 0x0000000000640df2 in screenalloc (doclear=false) at /home/foo/src/github.com/neovim/src/nvim/screen.c:6234
    #20 0x00000000006320d2 in screenclear () at /home/foo/src/github.com/neovim/src/nvim/screen.c:6277
    #21 0x0000000000641edf in screen_resize (width=49, height=56) at /home/foo/src/github.com/neovim/src/nvim/screen.c:7366
    #22 0x00000000006b2d82 in ui_refresh () at /home/foo/src/github.com/neovim/src/nvim/ui.c:175
    #23 0x00000000006b3121 in ui_refresh_event (argv=0x7ffdd216c748) at /home/foo/src/github.com/neovim/src/nvim/ui.c:181
    #24 0x00000000004d8297 in multiqueue_process_events (this=0x7fb634812370) at /home/foo/src/github.com/neovim/src/nvim/event/multiqueue.c:146
    #25 0x00000000004d7616 in loop_poll_events (loop=0x96e900 <main_loop>, ms=-1) at /home/foo/src/github.com/neovim/src/nvim/event/loop.c:56
    #26 0x00000000005eb635 in input_poll (ms=-1) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:326
    #27 0x00000000005ea700 in inbuf_poll (ms=-1) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:348
    #28 0x00000000005ea61d in os_inchar (buf=0x0, maxlen=0, ms=-1, tb_change_cnt=0) at /home/foo/src/github.com/neovim/src/nvim/os/input.c:110
    #29 0x000000000068e0af in state_enter (s=0x7ffdd216c888) at /home/foo/src/github.com/neovim/src/nvim/state.c:49
    #30 0x00000000005ac514 in normal_enter (cmdwin=false, noexmode=false) at /home/foo/src/github.com/neovim/src/nvim/normal.c:463
    #31 0x0000000000565c62 in main (argc=9, argv=0x7ffdd216cc28) at /home/foo/src/github.com/neovim/src/nvim/main.c:540

---

ASAN trace after provoking the bug with VimFiler:

=================================================================
==8540==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000054748 at pc 0x0000007d1dd8 bp 0x7ffe71be6660 sp 0x7ffe71be6658
READ of size 4 at 0x613000054748 thread T0
    #0 0x7d1dd7 in copy_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:20116:37
    #1 0x87b92c in f_get /home/foo/src/github.com/neovim/src/nvim/eval.c:9895:5
    #2 0x7b35c0 in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7286:11
    #3 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    #4 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15
    #5 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    #6 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    #7 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    #8 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    #9 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    #10 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    #11 0x7abe36 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3494:9
    #12 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9
    #13 0x830cac in ex_return /home/foo/src/github.com/neovim/src/nvim/eval.c:22191:10
    #14 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    #15 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    #16 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    #17 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    #18 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    #19 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15
    #20 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    #21 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    #22 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    #23 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    #24 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    #25 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    #26 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9
    #27 0x7b78f2 in ex_let /home/foo/src/github.com/neovim/src/nvim/eval.c:1479:9
    #28 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    #29 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    #30 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    #31 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    #32 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    #33 0x7c1d3d in ex_call /home/foo/src/github.com/neovim/src/nvim/eval.c:2843:9
    #34 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    #35 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    #36 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    #37 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    #38 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    #39 0x7c1d3d in ex_call /home/foo/src/github.com/neovim/src/nvim/eval.c:2843:9
    #40 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    #41 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    #42 0xca2918 in apply_autocmds_group /home/foo/src/github.com/neovim/src/nvim/fileio.c:6882:5
    #43 0xc6c446 in apply_autocmds /home/foo/src/github.com/neovim/src/nvim/fileio.c:6527:10
    #44 0x140f374 in screenalloc /home/foo/src/github.com/neovim/src/nvim/screen.c:6234:5
    #45 0x13958d1 in screenclear /home/foo/src/github.com/neovim/src/nvim/screen.c:6277:3
    #46 0x1417573 in screen_resize /home/foo/src/github.com/neovim/src/nvim/screen.c:7366:5
    #47 0x17fb59b in ui_refresh /home/foo/src/github.com/neovim/src/nvim/ui.c:175:3
    #48 0x17fc100 in ui_refresh_event /home/foo/src/github.com/neovim/src/nvim/ui.c:181:3
    #49 0xa05bbf in multiqueue_process_events /home/foo/src/github.com/neovim/src/nvim/event/multiqueue.c:146:7
    #50 0x9ff8b6 in loop_poll_events /home/foo/src/github.com/neovim/src/nvim/event/loop.c:56:3
    #51 0x120d584 in input_poll /home/foo/src/github.com/neovim/src/nvim/os/input.c:326:3
    #52 0x12092ef in inbuf_poll /home/foo/src/github.com/neovim/src/nvim/os/input.c:348:24
    #53 0x1209193 in os_inchar /home/foo/src/github.com/neovim/src/nvim/os/input.c:110:18
    #54 0x16d3615 in state_enter /home/foo/src/github.com/neovim/src/nvim/state.c:49:13
    #55 0x101090b in normal_enter /home/foo/src/github.com/neovim/src/nvim/normal.c:463:3
    #56 0xdd0a82 in main /home/foo/src/github.com/neovim/src/nvim/main.c:542:3
    #57 0x7f3c61df42b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #58 0x44b959 in _start (/home/foo/src/github.com/neovim/build/bin/nvim+0x44b959)

0x613000054748 is located 8 bytes inside of 352-byte region [0x613000054740,0x6130000548a0)
freed by thread T0 here:
    #0 0x4e9d70 in __interceptor_cfree.localalias.0 (/home/foo/src/github.com/neovim/build/bin/nvim+0x4e9d70)
    #1 0xefa184 in xfree /home/foo/src/github.com/neovim/src/nvim/memory.c:130:3
    #2 0x7e52b5 in dict_free_dict /home/foo/src/github.com/neovim/src/nvim/eval.c:6431:3
    #3 0x7e1e2c in free_unref_items /home/foo/src/github.com/neovim/src/nvim/eval.c:6063:7
    #4 0x7946cd in garbage_collect /home/foo/src/github.com/neovim/src/nvim/eval.c:5985:16
    #5 0xd08f4f in before_blocking /home/foo/src/github.com/neovim/src/nvim/getchar.c:1331:5
    #6 0x1209157 in os_inchar /home/foo/src/github.com/neovim/src/nvim/os/input.c:109:9
    #7 0x16d3615 in state_enter /home/foo/src/github.com/neovim/src/nvim/state.c:49:13
    #8 0x101090b in normal_enter /home/foo/src/github.com/neovim/src/nvim/normal.c:463:3
    #9 0xdd0a82 in main /home/foo/src/github.com/neovim/src/nvim/main.c:542:3
    #10 0x7f3c61df42b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

previously allocated by thread T0 here:
    #0 0x4e9f08 in malloc (/home/foo/src/github.com/neovim/build/bin/nvim+0x4e9f08)
    #1 0xef9ee4 in try_malloc /home/foo/src/github.com/neovim/src/nvim/memory.c:84:15
    #2 0xefa0a4 in xmalloc /home/foo/src/github.com/neovim/src/nvim/memory.c:118:15
    #3 0x78bcc6 in dict_alloc /home/foo/src/github.com/neovim/src/nvim/eval.c:6321:15
    #4 0x86dc02 in get_dict_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:6789:9
    #5 0x865751 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4296:21
    #6 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    #7 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    #8 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    #9 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    #10 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    #11 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    #12 0x7a9ecc in eval0 /home/foo/src/github.com/neovim/src/nvim/eval.c:3420:9
    #13 0x7b78f2 in ex_let /home/foo/src/github.com/neovim/src/nvim/eval.c:1479:9
    #14 0xb06a1c in do_one_cmd /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:2198:5
    #15 0xae5557 in do_cmdline /home/foo/src/github.com/neovim/src/nvim/ex_docmd.c:601:20
    #16 0x7f2490 in call_user_func /home/foo/src/github.com/neovim/src/nvim/eval.c:21993:3
    #17 0x7b2eee in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7271:11
    #18 0x7c8d7a in get_func_tv /home/foo/src/github.com/neovim/src/nvim/eval.c:7091:11
    #19 0x8667f9 in eval7 /home/foo/src/github.com/neovim/src/nvim/eval.c:4353:15
    #20 0x8621e5 in eval6 /home/foo/src/github.com/neovim/src/nvim/eval.c:4073:7
    #21 0x85ce69 in eval5 /home/foo/src/github.com/neovim/src/nvim/eval.c:3925:7
    #22 0x858071 in eval4 /home/foo/src/github.com/neovim/src/nvim/eval.c:3666:7
    #23 0x857613 in eval3 /home/foo/src/github.com/neovim/src/nvim/eval.c:3588:7
    #24 0x856bb3 in eval2 /home/foo/src/github.com/neovim/src/nvim/eval.c:3525:7
    #25 0x7ab772 in eval1 /home/foo/src/github.com/neovim/src/nvim/eval.c:3458:7
    #26 0x93f89a in filter_map_one /home/foo/src/github.com/neovim/src/nvim/eval.c:9398:7
    #27 0x93f33a in filter_map /home/foo/src/github.com/neovim/src/nvim/eval.c:9372:13
    #28 0x8ceb57 in f_map /home/foo/src/github.com/neovim/src/nvim/eval.c:12900:3
    #29 0x7b35c0 in call_func /home/foo/src/github.com/neovim/src/nvim/eval.c:7286:11

SUMMARY: AddressSanitizer: heap-use-after-free /home/foo/src/github.com/neovim/src/nvim/eval.c:20116:37 in copy_tv
Shadow bytes around the buggy address:
  0x0c2680002890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800028a0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c26800028b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800028c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c26800028d0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
=>0x0c26800028e0: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd
  0x0c26800028f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680002900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680002910: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2680002920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2680002930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==8540==ABORTING
@desdic desdic mentioned this pull request Feb 15, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Build and use neovim files