Bug 514717

Summary: vim-*-7.2.148-2.fc12.x86_64.rpm: vi segfaults on startup
Product: [Fedora] Fedora
Reporter: Tom London <selinux>
Component: vim
Assignee: Karsten Hopp <karsten>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Docs Contact:
Priority: low
Version: rawhide
CC: anton, atkac, eparis, jlaska, karsten, kevin, kmaraas, nicolas.mailhot, quentin, valdis.kletnieks, zaitcev
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-08-04 18:59:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Bug Depends On:
Bug Blocks: 473303, 507676

Attachments:
core file produced by running "vi" (flags: none)
Candidate patch 1 (flags: none)
another candidate patch (flags: none)

Description Tom London 2009-07-30 09:27:38 EDT
Created attachment 355671 [details]
core file produced by running "vi"

Description of problem:
After upgrading about half of the rawhide packages, vi started crashing on me:

[tbl@tlondon ~]$ vi
*** buffer overflow detected ***: vim terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f780f90df47]
/lib64/libc.so.6[0x7f780f90bee0]
vim(eval_init+0x6f)[0x45a5cf]
vim(main+0x82)[0x4ac952]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7f780f835aed]
vim[0x422069]
======= Memory map: ========
00400000-005c4000 r-xp 00000000 fd:00 98173                              /usr/bin/vim
007c3000-007d6000 rw-p 001c3000 fd:00 98173                              /usr/bin/vim
007d6000-007df000 rw-p 00000000 00:00 0 
00f75000-00f96000 rw-p 00000000 00:00 0                                  [heap]
34ffe00000-34ffe04000 r-xp 00000000 fd:00 1811                           /lib64/libattr.so.1.1.0
34ffe04000-3500003000 ---p 00004000 fd:00 1811                           /lib64/libattr.so.1.1.0
3500003000-3500004000 rw-p 00003000 fd:00 1811                           /lib64/libattr.so.1.1.0
3500600000-3500605000 r-xp 00000000 fd:00 11623                          /usr/lib64/libgpm.so.2.1.0
3500605000-3500805000 ---p 00005000 fd:00 11623                          /usr/lib64/libgpm.so.2.1.0
3500805000-3500806000 rw-p 00005000 fd:00 11623                          /usr/lib64/libgpm.so.2.1.0
3506e00000-3506e07000 r-xp 00000000 fd:00 16912                          /lib64/libacl.so.1.1.0
3506e07000-3507006000 ---p 00007000 fd:00 16912                          /lib64/libacl.so.1.1.0
3507006000-3507007000 rw-p 00006000 fd:00 16912                          /lib64/libacl.so.1.1.0
3a09200000-3a0921c000 r-xp 00000000 fd:00 32162                          /lib64/libselinux.so.1
3a0921c000-3a0941b000 ---p 0001c000 fd:00 32162                          /lib64/libselinux.so.1
3a0941b000-3a0941c000 r--p 0001b000 fd:00 32162                          /lib64/libselinux.so.1
3a0941c000-3a0941d000 rw-p 0001c000 fd:00 32162                          /lib64/libselinux.so.1
3a0941d000-3a0941e000 rw-p 00000000 00:00 0 
7f780e2d2000-7f780e2ec000 r-xp 00000000 fd:00 73334                      /lib64/libgcc_s-4.4.1-20090722.so.1
7f780e2ec000-7f780e4eb000 ---p 0001a000 fd:00 73334                      /lib64/libgcc_s-4.4.1-20090722.so.1
7f780e4eb000-7f780e4ec000 rw-p 00019000 fd:00 73334                      /lib64/libgcc_s-4.4.1-20090722.so.1
7f780e4ec000-7f780e545000 r-xp 00000000 fd:00 11565                      /lib64/libfreebl3.so
7f780e545000-7f780e745000 ---p 00059000 fd:00 11565                      /lib64/libfreebl3.so
7f780e745000-7f780e746000 rw-p 00059000 fd:00 11565                      /lib64/libfreebl3.so
7f780e746000-7f780e74b000 rw-p 00000000 00:00 0 
7f780e74b000-7f780e753000 r-xp 00000000 fd:00 21659                      /lib64/libcrypt-2.10.90.so
7f780e753000-7f780e952000 ---p 00008000 fd:00 21659                      /lib64/libcrypt-2.10.90.so
7f780e952000-7f780e953000 r--p 00007000 fd:00 21659                      /lib64/libcrypt-2.10.90.so
7f780e953000-7f780e954000 rw-p 00008000 fd:00 21659                      /lib64/libcrypt-2.10.90.so
7f780e954000-7f780e982000 rw-p 00000000 00:00 0 
7f780e982000-7f780e999000 r-xp 00000000 fd:00 30312                      /lib64/libnsl-2.10.90.so
7f780e999000-7f780eb98000 ---p 00017000 fd:00 30312                      /lib64/libnsl-2.10.90.so
7f780eb98000-7f780eb99000 r--p 00016000 fd:00 30312                      /lib64/libnsl-2.10.90.so
7f780eb99000-7f780eb9a000 rw-p 00017000 fd:00 30312                      /lib64/libnsl-2.10.90.so
7f780eb9a000-7f780eb9c000 rw-p 00000000 00:00 0 
7f780eb9c000-7f780ebb9000 r-xp 00000000 fd:00 12077                      /lib64/libtinfo.so.5.7
7f780ebb9000-7f780edb9000 ---p 0001d000 fd:00 12077                      /lib64/libtinfo.so.5.7
7f780edb9000-7f780edbd000 rw-p 0001d000 fd:00 12077                      /lib64/libtinfo.so.5.7
7f780edbd000-7f780edd4000 r-xp 00000000 fd:00 18975                      /lib64/libpthread-2.10.90.so
7f780edd4000-7f780efd3000 ---p 00017000 fd:00 18975                      /lib64/libpthread-2.10.90.so
7f780efd3000-7f780efd4000 r--p 00016000 fd:00 18975                      /lib64/libpthread-2.10.90.so
7f780efd4000-7f780efd5000 rw-p 00017000 fd:00 18975                      /lib64/libpthread-2.10.90.so
7f780efd5000-7f780efd9000 rw-p 00000000 00:00 0 
7f780efd9000-7f780efdb000 r-xp 00000000 fd:00 28245                      /lib64/libdl-2.10.90.so
7f780efdb000-7f780f1db000 ---p 00002000 fd:00 28245                      /lib64/libdl-2.10.90.so
7f780f1db000-7f780f1dc000 r--p 00002000 fd:00 28245                      /lib64/libdl-2.10.90.so
7f780f1dc000-7f780f1dd000 rw-p 00003000 fd:00 28245                      /lib64/libdl-2.10.90.so
7f780f1dd000-7f780f260000 r-xp 00000000 fd:00 30283                      /lib64/libm-2.10.90.so
7f780f260000-7f780f460000 ---p 00083000 fd:00 30283                      /lib64/libm-2.10.90.so
7f780f460000-7f780f461000 r--p 00083000 fd:00 30283                      /lib64/libm-2.10.90.so
7f780f461000-7f780f462000 rw-p 00084000 fd:00 30283                      /lib64/libm-2.10.90.so
7f780f462000-7f780f5cf000 r-xp 00000000 fd:00 107208                     /usr/lib64/libpython2.6.so.1.0
7f780f5cf000-7f780f7ce000 ---p 0016d000 fd:00 107208                     /usr/lib64/libpython2.6.so.1.0
7f780f7ce000-7f780f809000 rw-p 0016c000 fd:00 107208                     /usr/lib64/libpython2.6.so.1.0
7f780f809000-7f780f817000 rw-p 00000000 00:00 0 
7f780f817000-7f780f982000 r-xp 00000000 fd:00 11615                      /lib64/libc-2.10.90.so
7f780f982000-7f780fb82000 ---p 0016b000 fd:00 11615                      /lib64/libc-2.10.90.so
7f780fb82000-7f780fb86000 r--p 0016b000 fd:00 11615                      /lib64/libc-2.10.90.so
7f780fb86000-7f780fb87000 rw-p 0016f000 fd:00 11615                      /lib64/libc-2.10.90.so
7f780fb87000-7f780fb8c000 rw-p 00000000 00:00 0 
7f780fb8c000-7f780fb8e000 r-xp 00000000 fd:00 48706                      /lib64/libutil-2.10.90.so
7f780fb8e000-7f780fd8d000 ---p 00002000 fd:00 48706                      /lib64/libutil-2.10.90.so
7f780fd8d000-7f780fd8e000 r--p 00001000 fd:00 48706                      /lib64/libutil-2.10.90.so
7f780fd8e000-7f780fd8f000 rw-p 00002000 fd:00 48706                      /lib64/libutil-2.10.90.so
7f780fd8f000-7f780fda5000 r-xp 00000000 fd:00 52344                      /lib64/libresolv-2.10.90.so
7f780fda5000-7f780ffa5000 ---p 00016000 fd:00 52344                      /lib64/libresolv-2.10.90.so
7f780ffa5000-7f780ffa6000 r--p 00016000 fd:00 52344                      /lib64/libresolv-2.10.90.so
7f780ffa6000-7f780ffa7000 rw-p 00017000 fd:00 52344                      /lib64/libresolv-2.10.90.so
7f780ffa7000-7f780ffa9000 rw-p 00000000 00:00 0 
7f780ffa9000-7f7810145000 r-xp 00000000 fd:00 28886                      /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so
7f7810145000-7f7810344000 ---p 0019c000 fd:00 28886                      /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so
7f7810344000-7f781034e000 rw-p 0019b000 fd:00 28886                      /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so
7f781034e000-7f7810370000 r-xp 00000000 fd:00 11959                      /lib64/libncurses.so.5.7
7f7810370000-7f781056f000 ---p 00022000 fd:00 11959                      /lib64/libncurses.so.5.7
7f781056f000-7f7810570000 rw-p 00021000 fd:00 11959                      /lib64/libncurses.so.5.7
7f7810570000-7f781058f000 r-xp 00000000 fd:00 15298                      /lib64/ld-2.10.90.so
7f781076b000-7f7810773000 rw-p 00000000 00:00 0 
7f781078c000-7f781078e000 rw-p 00000000 00:00 0 
7f781078e000-7f781078f000 r--p 0001e000 fd:00 15298                      /lib64/ld-2.10.90.so
7f781078f000-7f7810790000 rw-p 0001f000 fd:00 15298                      /lib64/ld-2.10.90.so
7fff371b9000-7fff371ce000 rw-p 00000000 00:00 0                          [stack]
7fff371ff000-7fff37200000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)
[tbl@tlondon ~]$ 

Downgrading to:
vim-common-7.2.148-1.fc11.x86_64
vim-enhanced-7.2.148-1.fc11.x86_64
vim-minimal-7.2.148-1.fc11.x86_64

makes it "work for me"

Attaching core file

Version-Release number of selected component (if applicable):
vim-common-7.2.148-2.fc12.x86_64.rpm
vim-enhanced-7.2.148-2.fc12.x86_64.rpm
vim-minimal-7.2.148-2.fc12.x86_64.rpm


How reproducible:
Every time

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tom London 2009-07-30 18:40:42 EDT
After installing various debuginfo packages and running gdb:

[tbl@tlondon ~]$ gdb vim
GNU gdb (GDB) Fedora (6.8.50.20090302-39.fc12)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
(gdb) run
Starting program: /usr/bin/vim 
[Thread debugging using libthread_db enabled]
*** buffer overflow detected ***: /usr/bin/vim terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ffff6b4aec7]
/lib64/libc.so.6[0x7ffff6b48e60]
/usr/bin/vim(eval_init+0x6f)[0x45a5cf]
/usr/bin/vim(main+0x82)[0x4ac952]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7ffff6a6fb8d]
/usr/bin/vim[0x422069]
======= Memory map: ========
00400000-005c4000 r-xp 00000000 fd:00 18650                              /usr/bin/vim
007c3000-007d6000 rw-p 001c3000 fd:00 18650                              /usr/bin/vim
007d6000-00800000 rw-p 00000000 00:00 0                                  [heap]
7ffff5307000-7ffff5321000 r-xp 00000000 fd:00 11908                      /lib64/libgcc_s-4.4.1-20090725.so.1
7ffff5321000-7ffff5520000 ---p 0001a000 fd:00 11908                      /lib64/libgcc_s-4.4.1-20090725.so.1
7ffff5520000-7ffff5521000 rw-p 00019000 fd:00 11908                      /lib64/libgcc_s-4.4.1-20090725.so.1
7ffff5521000-7ffff557a000 r-xp 00000000 fd:00 11565                      /lib64/libfreebl3.so
7ffff557a000-7ffff577a000 ---p 00059000 fd:00 11565                      /lib64/libfreebl3.so
7ffff577a000-7ffff577b000 rw-p 00059000 fd:00 11565                      /lib64/libfreebl3.so
7ffff577b000-7ffff5780000 rw-p 00000000 00:00 0 
7ffff5780000-7ffff5788000 r-xp 00000000 fd:00 11895                      /lib64/libcrypt-2.10.90.so
7ffff5788000-7ffff5987000 ---p 00008000 fd:00 11895                      /lib64/libcrypt-2.10.90.so
7ffff5987000-7ffff5988000 r--p 00007000 fd:00 11895                      /lib64/libcrypt-2.10.90.so
7ffff5988000-7ffff5989000 rw-p 00008000 fd:00 11895                      /lib64/libcrypt-2.10.90.so
7ffff5989000-7ffff59b7000 rw-p 00000000 00:00 0 
7ffff59b7000-7ffff59ce000 r-xp 00000000 fd:00 13052                      /lib64/libnsl-2.10.90.so
7ffff59ce000-7ffff5bcd000 ---p 00017000 fd:00 13052                      /lib64/libnsl-2.10.90.so
7ffff5bcd000-7ffff5bce000 r--p 00016000 fd:00 13052                      /lib64/libnsl-2.10.90.so
7ffff5bce000-7ffff5bcf000 rw-p 00017000 fd:00 13052                      /lib64/libnsl-2.10.90.so
7ffff5bcf000-7ffff5bd1000 rw-p 00000000 00:00 0 
7ffff5bd1000-7ffff5bd5000 r-xp 00000000 fd:00 12998                      /lib64/libattr.so.1.1.0
7ffff5bd5000-7ffff5dd4000 ---p 00004000 fd:00 12998                      /lib64/libattr.so.1.1.0
7ffff5dd4000-7ffff5dd5000 rw-p 00003000 fd:00 12998                      /lib64/libattr.so.1.1.0
7ffff5dd5000-7ffff5df2000 r-xp 00000000 fd:00 12077                      /lib64/libtinfo.so.5.7
7ffff5df2000-7ffff5ff2000 ---p 0001d000 fd:00 12077                      /lib64/libtinfo.so.5.7
7ffff5ff2000-7ffff5ff6000 rw-p 0001d000 fd:00 12077                      /lib64/libtinfo.so.5.7
7ffff5ff6000-7ffff600e000 r-xp 00000000 fd:00 16912                      /lib64/libpthread-2.10.90.so
7ffff600e000-7ffff620d000 ---p 00018000 fd:00 16912                      /lib64/libpthread-2.10.90.so
7ffff620d000-7ffff620e000 r--p 00017000 fd:00 16912                      /lib64/libpthread-2.10.90.so
7ffff620e000-7ffff620f000 rw-p 00018000 fd:00 16912                      /lib64/libpthread-2.10.90.so
7ffff620f000-7ffff6213000 rw-p 00000000 00:00 0 
7ffff6213000-7ffff6215000 r-xp 00000000 fd:00 12377                      /lib64/libdl-2.10.90.so
7ffff6215000-7ffff6415000 ---p 00002000 fd:00 12377                      /lib64/libdl-2.10.90.so
7ffff6415000-7ffff6416000 r--p 00002000 fd:00 12377                      /lib64/libdl-2.10.90.so
7ffff6416000-7ffff6417000 rw-p 00003000 fd:00 12377                      /lib64/libdl-2.10.90.so
7ffff6417000-7ffff649b000 r-xp 00000000 fd:00 13001                      /lib64/libm-2.10.90.so
7ffff649b000-7ffff669a000 ---p 00084000 fd:00 13001                      /lib64/libm-2.10.90.so
7ffff669a000-7ffff669b000 r--p 00083000 fd:00 13001                      /lib64/libm-2.10.90.so
7ffff669b000-7ffff669c000 rw-p 00084000 fd:00 13001                      /lib64/libm-2.10.90.so
7ffff669c000-7ffff6809000 r-xp 00000000 fd:00 107208                     /usr/lib64/libpython2.6.so.1.0
7ffff6809000-7ffff6a08000 ---p 0016d000 fd:00 107208                     /usr/lib64/libpython2.6.so.1.0
7ffff6a08000-7ffff6a43000 rw-p 0016c000 fd:00 107208                     /usr/lib64/libpython2.6.so.1.0
7ffff6a43000-7ffff6a51000 rw-p 00000000 00:00 0 
7ffff6a51000-7ffff6bc4000 r-xp 00000000 fd:00 2422                       /lib64/libc-2.10.90.so
7ffff6bc4000-7ffff6dc4000 ---p 00173000 fd:00 2422                       /lib64/libc-2.10.90.so
7ffff6dc4000-7ffff6dc8000 r--p 00173000 fd:00 2422                       /lib64/libc-2.10.90.so
7ffff6dc8000-7ffff6dc9000 rw-p 00177000 fd:00 2422                       /lib64/libc-2.10.90.so
7ffff6dc9000-7ffff6dce000 rw-p 00000000 00:00 0 
7ffff6dce000-7ffff6dd0000 r-xp 00000000 fd:00 21537                      /lib64/libutil-2.10.90.so
7ffff6dd0000-7ffff6fcf000 ---p 00002000 fd:00 21537                      /lib64/libutil-2.10.90.so
7ffff6fcf000-7ffff6fd0000 r--p 00001000 fd:00 21537                      /lib64/libutil-2.10.90.so
7ffff6fd0000-7ffff6fd1000 rw-p 00002000 fd:00 21537                      /lib64/libutil-2.10.90.so
7ffff6fd1000-7ffff6fe7000 r-xp 00000000 fd:00 18813                      /lib64/libresolv-2.10.90.so
7ffff6fe7000-7ffff71e7000 ---p 00016000 fd:00 18813                      /lib64/libresolv-2.10.90.so
7ffff71e7000-7ffff71e8000 r--p 00016000 fd:00 18813                      /lib64/libresolv-2.10.90.so
7ffff71e8000-7ffff71e9000 rw-p 00017000 fd:00 18813                      /lib64/libresolv-2.10.90.so
7ffff71e9000-7ffff71eb000 rw-p 00000000 00:00 0 
7ffff71eb000-7ffff7387000 r-xp 00000000 fd:00 28886                      /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so
7ffff7387000-7ffff7586000 ---p 0019c000 fd:00 28886                      /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so
7ffff7586000-7ffff7590000 rw-p 0019b000 fd:00 28886                      /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so
7ffff7590000-7ffff7595000 r-xp 00000000 fd:00 14429                      /usr/lib64/libgpm.so.2.1.0
7ffff7595000-7ffff7795000 ---p 00005000 fd:00 14429                      /usr/lib64/libgpm.so.2.1.0
7ffff7795000-7ffff7796000 rw-p 00005000 fd:00 14429                      /usr/lib64/libgpm.so.2.1.0
7ffff7796000-7ffff779d000 r-xp 00000000 fd:00 13019                      /lib64/libacl.so.1.1.0
7ffff779d000-7ffff799c000 ---p 00007000 fd:00 13019                      /lib64/libacl.so.1.1.0
7ffff799c000-7ffff799d000 rw-p 00006000 fd:00 13019                      /lib64/libacl.so.1.1.0
7ffff799d000-7ffff79bf000 r-xp 00000000 fd:00 11959                      /lib64/libncurses.so.5.7
7ffff79bf000-7ffff7bbe000 ---p 00022000 fd:00 11959                      /lib64/libncurses.so.5.7
7ffff7bbe000-7ffff7bbf000 rw-p 00021000 fd:00 11959                      /lib64/libncurses.so.5.7
7ffff7bbf000-7ffff7bdb000 r-xp 00000000 fd:00 2100                       /lib64/libselinux.so.1
7ffff7bdb000-7ffff7dda000 ---p 0001c000 fd:00 2100                       /lib64/libselinux.so.1
7ffff7dda000-7ffff7ddb000 r--p 0001b000 fd:00 2100                       /lib64/libselinux.so.1
7ffff7ddb000-7ffff7ddc000 rw-p 0001c000 fd:00 2100                       /lib64/libselinux.so.1
7ffff7ddc000-7ffff7ddd000 rw-p 00000000 00:00 0 
7ffff7ddd000-7ffff7dfd000 r-xp 00000000 fd:00 2193                       /lib64/ld-2.10.90.so
7ffff7fd8000-7ffff7fe1000 rw-p 00000000 00:00 0 
7ffff7ffa000-7ffff7ffb000 rw-p 00000000 00:00 0 
7ffff7ffb000-7ffff7ffc000 r-xp 00000000 00:00 0                          [vdso]
7ffff7ffc000-7ffff7ffd000 r--p 0001f000 fd:00 2193                       /lib64/ld-2.10.90.so
7ffff7ffd000-7ffff7ffe000 rw-p 00020000 fd:00 2193                       /lib64/ld-2.10.90.so
7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 
7ffffffea000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

Program received signal SIGABRT, Aborted.
0x00007ffff6a84675 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Current language:  auto; currently minimal
(gdb) where
#0  0x00007ffff6a84675 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff6a85e55 in *__GI_abort () at abort.c:92
#2  0x00007ffff6ac0fd3 in __libc_message (do_abort=<value optimized out>, 
    fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#3  0x00007ffff6b8e979 in ?? () from /lib64/libc.so.6
#4  0x0000000000000004 in ?? ()
#5  0x00007ffff6b8e910 in ?? () from /lib64/libc.so.6
#6  0x0000000000000018 in ?? ()
#7  0x00007ffff6b8e97f in ?? () from /lib64/libc.so.6
#8  0x0000000000000006 in ?? ()
#9  0x00007fffffffe5a4 in ?? ()
#10 0x000000000000000c in ?? ()
#11 0x00007ffff6b8e987 in ?? () from /lib64/libc.so.6
#12 0x000000000000000c in ?? ()
#13 0x00007ffff7fdc9f0 in ?? ()
#14 0x00007ffff7fdf9c0 in ?? ()
#15 0x00007ffff6b8e987 in ?? () from /lib64/libc.so.6
#16 0x000000000000000c in ?? ()
#17 0x00007fffffffd820 in ?? ()
#18 0x00007ffff759106b in ?? () from /usr/lib64/libgpm.so.2
#19 0x00007fffffffd8d0 in ?? ()
#20 0x00007ffff6ac0dca in __libc_message (do_abort=<value optimized out>, 
---Type <return> to continue, or q <return> to quit---
    fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:83
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) quit
The program is running.  Quit anyway (and kill it)? (y or n) y
[tbl@tlondon ~]$
Comment 2 Karsten Hopp 2009-07-31 16:43:54 EDT
*** Bug 514987 has been marked as a duplicate of this bug. ***
Comment 3 James Laska 2009-07-31 17:14:33 EDT
Adjusting severity to 'high' (see http://fedoraproject.org/wiki/BugZappers/BugStatusWorkFlow#Severity).  Adding for consideration to the F12Alpha blocker list.
Comment 4 Pete Zaitcev 2009-07-31 18:27:05 EDT
*** Bug 515030 has been marked as a duplicate of this bug. ***
Comment 5 Karsten Hopp 2009-07-31 19:24:24 EDT
I've updated vim to the latest patchlevel, please test again with vim-7.2-245.
It's available from http://koji.fedoraproject.org/koji/taskinfo?taskID=1571067 and will show up in Rawhide soon.
Comment 6 Tom London 2009-07-31 19:34:45 EDT
I've downloaded/installed from koji: 

It fails pretty much the same way:

[tbl@tlondon ~]$ vi
*** buffer overflow detected ***: vim terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f0df4cdaec7]
/lib64/libc.so.6[0x7f0df4cd8e60]
vim(eval_init+0x6f)[0x45aaaf]
vim(main+0x82)[0x4ad7d2]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7f0df4bffb8d]
vim[0x4223b9]
======= Memory map: ========
00400000-005c6000 r-xp 00000000 fd:00 14546                              /usr/bin/vim
007c5000-007d8000 rw-p 001c5000 fd:00 14546                              /usr/bin/vim
007d8000-007e1000 rw-p 00000000 00:00 0 
00eca000-00eeb000 rw-p 00000000 00:00 0                                  [heap]
7f0df3496000-7f0df34b0000 r-xp 00000000 fd:00 11908                      /lib64/libgcc_s-4.4.1-20090725.so.1
7f0df34b0000-7f0df36af000 ---p 0001a000 fd:00 11908                      /lib64/libgcc_s-4.4.1-20090725.so.1
7f0df36af000-7f0df36b0000 rw-p 00019000 fd:00 11908                      /lib64/libgcc_s-4.4.1-20090725.so.1
7f0df36b0000-7f0df3709000 r-xp 00000000 fd:00 11565                      /lib64/libfreebl3.so
7f0df3709000-7f0df3909000 ---p 00059000 fd:00 11565                      /lib64/libfreebl3.so
7f0df3909000-7f0df390a000 rw-p 00059000 fd:00 11565                      /lib64/libfreebl3.so
7f0df390a000-7f0df390f000 rw-p 00000000 00:00 0 
7f0df390f000-7f0df3917000 r-xp 00000000 fd:00 11895                      /lib64/libcrypt-2.10.90.so
7f0df3917000-7f0df3b16000 ---p 00008000 fd:00 11895                      /lib64/libcrypt-2.10.90.so
7f0df3b16000-7f0df3b17000 r--p 00007000 fd:00 11895                      /lib64/libcrypt-2.10.90.so
7f0df3b17000-7f0df3b18000 rw-p 00008000 fd:00 11895                      /lib64/libcrypt-2.10.90.so
7f0df3b18000-7f0df3b46000 rw-p 00000000 00:00 0 
7f0df3b46000-7f0df3b5d000 r-xp 00000000 fd:00 13052                      /lib64/libnsl-2.10.90.so
7f0df3b5d000-7f0df3d5c000 ---p 00017000 fd:00 13052                      /lib64/libnsl-2.10.90.so
7f0df3d5c000-7f0df3d5d000 r--p 00016000 fd:00 13052                      /lib64/libnsl-2.10.90.so
7f0df3d5d000-7f0df3d5e000 rw-p 00017000 fd:00 13052                      /lib64/libnsl-2.10.90.so
7f0df3d5e000-7f0df3d60000 rw-p 00000000 00:00 0 
7f0df3d60000-7f0df3d64000 r-xp 00000000 fd:00 12998                      /lib64/libattr.so.1.1.0
7f0df3d64000-7f0df3f63000 ---p 00004000 fd:00 12998                      /lib64/libattr.so.1.1.0
7f0df3f63000-7f0df3f64000 rw-p 00003000 fd:00 12998                      /lib64/libattr.so.1.1.0
7f0df3f64000-7f0df3f81000 r-xp 00000000 fd:00 12077                      /lib64/libtinfo.so.5.7
7f0df3f81000-7f0df4181000 ---p 0001d000 fd:00 12077                      /lib64/libtinfo.so.5.7
7f0df4181000-7f0df4185000 rw-p 0001d000 fd:00 12077                      /lib64/libtinfo.so.5.7
7f0df4185000-7f0df419d000 r-xp 00000000 fd:00 16912                      /lib64/libpthread-2.10.90.so
7f0df419d000-7f0df439c000 ---p 00018000 fd:00 16912                      /lib64/libpthread-2.10.90.so
7f0df439c000-7f0df439d000 r--p 00017000 fd:00 16912                      /lib64/libpthread-2.10.90.so
7f0df439d000-7f0df439e000 rw-p 00018000 fd:00 16912                      /lib64/libpthread-2.10.90.so
7f0df439e000-7f0df43a2000 rw-p 00000000 00:00 0 
7f0df43a2000-7f0df43a4000 r-xp 00000000 fd:00 12377                      /lib64/libdl-2.10.90.so
7f0df43a4000-7f0df45a4000 ---p 00002000 fd:00 12377                      /lib64/libdl-2.10.90.so
7f0df45a4000-7f0df45a5000 r--p 00002000 fd:00 12377                      /lib64/libdl-2.10.90.so
7f0df45a5000-7f0df45a6000 rw-p 00003000 fd:00 12377                      /lib64/libdl-2.10.90.so
7f0df45a6000-7f0df462a000 r-xp 00000000 fd:00 13001                      /lib64/libm-2.10.90.so
7f0df462a000-7f0df4829000 ---p 00084000 fd:00 13001                      /lib64/libm-2.10.90.so
7f0df4829000-7f0df482a000 r--p 00083000 fd:00 13001                      /lib64/libm-2.10.90.so
7f0df482a000-7f0df482b000 rw-p 00084000 fd:00 13001                      /lib64/libm-2.10.90.so
7f0df482b000-7f0df4999000 r-xp 00000000 fd:00 104952                     /usr/lib64/libpython2.6.so.1.0
7f0df4999000-7f0df4b98000 ---p 0016e000 fd:00 104952                     /usr/lib64/libpython2.6.so.1.0
7f0df4b98000-7f0df4bd3000 rw-p 0016d000 fd:00 104952                     /usr/lib64/libpython2.6.so.1.0
7f0df4bd3000-7f0df4be1000 rw-p 00000000 00:00 0 
7f0df4be1000-7f0df4d54000 r-xp 00000000 fd:00 2422                       /lib64/libc-2.10.90.so
7f0df4d54000-7f0df4f54000 ---p 00173000 fd:00 2422                       /lib64/libc-2.10.90.so
7f0df4f54000-7f0df4f58000 r--p 00173000 fd:00 2422                       /lib64/libc-2.10.90.so
7f0df4f58000-7f0df4f59000 rw-p 00177000 fd:00 2422                       /lib64/libc-2.10.90.so
7f0df4f59000-7f0df4f5e000 rw-p 00000000 00:00 0 
7f0df4f5e000-7f0df4f60000 r-xp 00000000 fd:00 21537                      /lib64/libutil-2.10.90.so
7f0df4f60000-7f0df515f000 ---p 00002000 fd:00 21537                      /lib64/libutil-2.10.90.so
7f0df515f000-7f0df5160000 r--p 00001000 fd:00 21537                      /lib64/libutil-2.10.90.so
7f0df5160000-7f0df5161000 rw-p 00002000 fd:00 21537                      /lib64/libutil-2.10.90.so
7f0df5161000-7f0df5177000 r-xp 00000000 fd:00 18813                      /lib64/libresolv-2.10.90.so
7f0df5177000-7f0df5377000 ---p 00016000 fd:00 18813                      /lib64/libresolv-2.10.90.so
7f0df5377000-7f0df5378000 r--p 00016000 fd:00 18813                      /lib64/libresolv-2.10.90.so
7f0df5378000-7f0df5379000 rw-p 00017000 fd:00 18813                      /lib64/libresolv-2.10.90.so
7f0df5379000-7f0df537b000 rw-p 00000000 00:00 0 
7f0df537b000-7f0df5517000 r-xp 00000000 fd:00 28886                      /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so
7f0df5517000-7f0df5716000 ---p 0019c000 fd:00 28886                      /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so
7f0df5716000-7f0df5720000 rw-p 0019b000 fd:00 28886                      /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so
7f0df5720000-7f0df5725000 r-xp 00000000 fd:00 14429                      /usr/lib64/libgpm.so.2.1.0
7f0df5725000-7f0df5925000 ---p 00005000 fd:00 14429                      /usr/lib64/libgpm.so.2.1.0
7f0df5925000-7f0df5926000 rw-p 00005000 fd:00 14429                      /usr/lib64/libgpm.so.2.1.0
7f0df5926000-7f0df592d000 r-xp 00000000 fd:00 13019                      /lib64/libacl.so.1.1.0
7f0df592d000-7f0df5b2c000 ---p 00007000 fd:00 13019                      /lib64/libacl.so.1.1.0
7f0df5b2c000-7f0df5b2d000 rw-p 00006000 fd:00 13019                      /lib64/libacl.so.1.1.0
7f0df5b2d000-7f0df5b4f000 r-xp 00000000 fd:00 11959                      /lib64/libncurses.so.5.7
7f0df5b4f000-7f0df5d4e000 ---p 00022000 fd:00 11959                      /lib64/libncurses.so.5.7
7f0df5d4e000-7f0df5d4f000 rw-p 00021000 fd:00 11959                      /lib64/libncurses.so.5.7
7f0df5d4f000-7f0df5d6b000 r-xp 00000000 fd:00 2100                       /lib64/libselinux.so.1
7f0df5d6b000-7f0df5f6a000 ---p 0001c000 fd:00 2100                       /lib64/libselinux.so.1
7f0df5f6a000-7f0df5f6b000 r--p 0001b000 fd:00 2100                       /lib64/libselinux.so.1
7f0df5f6b000-7f0df5f6c000 rw-p 0001c000 fd:00 2100                       /lib64/libselinux.so.1
7f0df5f6c000-7f0df5f6d000 rw-p 00000000 00:00 0 
7f0df5f6d000-7f0df5f8d000 r-xp 00000000 fd:00 2193                       /lib64/ld-2.10.90.so
7f0df6169000-7f0df6172000 rw-p 00000000 00:00 0 
7f0df618b000-7f0df618c000 rw-p 00000000 00:00 0 
7f0df618c000-7f0df618d000 r--p 0001f000 fd:00 2193                       /lib64/ld-2.10.90.so
7f0df618d000-7f0df618e000 rw-p 00020000 fd:00 2193                       /lib64/ld-2.10.90.so
7f0df618e000-7f0df618f000 rw-p 00000000 00:00 0 
7fffcb1ad000-7fffcb1c2000 rw-p 00000000 00:00 0                          [stack]
7fffcb1ff000-7fffcb200000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted (core dumped)
[tbl@tlondon ~]$
Comment 7 Tom London 2009-07-31 19:38:33 EDT
Running with valgrind:

[tbl@tlondon ~]$ valgrind vim
==5406== Memcheck, a memory error detector.
==5406== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==5406== Using LibVEX rev 1884, a library for dynamic binary translation.
==5406== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==5406== Using valgrind-3.4.1, a dynamic binary instrumentation framework.
==5406== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==5406== For more details, rerun with: -v
==5406== 
**5406** *** strcpy_chk: buffer overflow detected ***: program terminated
==5406==    at 0x4C29203: VALGRIND_PRINTF_BACKTRACE (valgrind.h:3695)
==5406==    by 0x4C293C0: __strcpy_chk (mc_replace_strmem.c:614)
==5406==    by 0x45AAAE: eval_init (in /usr/bin/vim)
==5406==    by 0x4AD7D1: main (in /usr/bin/vim)
==5406== 
==5406== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 1)
==5406== malloc/free: in use at exit: 8,201 bytes in 2 blocks.
==5406== malloc/free: 2 allocs, 0 frees, 8,201 bytes allocated.
==5406== For counts of detected errors, rerun with: -v
==5406== searching for pointers to 2 not-freed blocks.
==5406== checked 860,192 bytes.
==5406== 
==5406== LEAK SUMMARY:
==5406==    definitely lost: 0 bytes in 0 blocks.
==5406==      possibly lost: 0 bytes in 0 blocks.
==5406==    still reachable: 8,201 bytes in 2 blocks.
==5406==         suppressed: 0 bytes in 0 blocks.
==5406== Rerun with --leak-check=full to see details of leaked memory.
[tbl@tlondon ~]$
Comment 8 Pete Zaitcev 2009-07-31 21:17:15 EDT
Created attachment 355869 [details]
Candidate patch 1

God, glibc is so retarded. Let's try to shut it up with memcpy, it used
to work for me before.
Comment 9 Pete Zaitcev 2009-07-31 21:42:17 EDT
My patch works, I rebuilt good vim rpms (outside of Koji though).
But this area of code is all screwed up. They should've used di_key[0],
or the real size, but not these shitty tricks.
Comment 10 Kevin Fenzi 2009-08-01 15:43:44 EDT
I'm seeing this here as well... will try the patch from comment #8.
Comment 11 Kevin Fenzi 2009-08-01 16:23:27 EDT
Works here as well. 
Scratch build at: http://koji.fedoraproject.org/koji/taskinfo?taskID=1572782
for anyone who needs it.
Comment 12 Kjartan Maraas 2009-08-02 06:40:23 EDT
*** Bug 515117 has been marked as a duplicate of this bug. ***
Comment 13 Anton Arapov 2009-08-03 10:40:46 EDT
fyi, patch works for me as well. // x86_64
Comment 14 Adam Tkac 2009-08-03 10:52:23 EDT
Created attachment 356043 [details]
another candidate patch

This patch gets rid of nasty hack in struct vimvar which is obvious candidate for problems.
Comment 15 Pete Zaitcev 2009-08-03 12:05:01 EDT
That sounds better at the expense of some insignificant increase
in memory consumption. We just need Karsten to do something about it.
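The layout problem behind comments 9 and 14, as an added example that is not part of this bug or of vim's source: a 1-byte key array embedded in a static struct with filler bytes after it gives glibc's fortified `strcpy` (the `__strcpy_chk` frame in the valgrind output) a 1-byte destination object, so any non-empty name aborts the process, and the fix is to size the embedded key array for real and bounds-check the copy. The struct names and fields are a simplified model, not vim's declarations, and `VV_KEY_MAX`, `vimvar_init`, `vimvar_init_table` and the sample name table are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a dictionary item (assumption, not vim's source):
 * the key is declared as a 1-byte array and the struct is normally
 * over-allocated on the heap so the key can be longer. */
struct dictitem {
    int  di_flags;
    char di_key[1];
};

/* Pre-fix layout as the page describes it ("nasty hack in struct vimvar"):
 * a static dictitem followed by filler bytes that strcpy() was meant to
 * spill into. With -D_FORTIFY_SOURCE=2 glibc's __strcpy_chk only sees the
 * 1-byte di_key subobject, so copying any non-empty name aborts the
 * process; that is the "buffer overflow detected" shown in the report. */
struct vimvar_hack {
    const char     *vv_name;
    struct dictitem vv_di;
    char            vv_filler[16];
};

/* Hardened layout: the embedded item carries a key array that is
 * genuinely large enough, so no copy crosses a subobject boundary.
 * VV_KEY_MAX is a constructed value for this example. */
#define VV_KEY_MAX 32
struct dictitem_sized {
    int  di_flags;
    char di_key[VV_KEY_MAX];
};
struct vimvar_fixed {
    const char           *vv_name;
    struct dictitem_sized vv_di;
};

/* Room the hack layout really offered: di_key plus the filler bytes
 * (17), which is not what the fortified strcpy measures (1). */
size_t hack_key_room(void)
{
    struct vimvar_hack h;
    return sizeof h.vv_di.di_key + sizeof h.vv_filler;
}

/* Copy one name into its key slot only if it fits, NUL included.
 * Returns 0 on success, -1 if the copy would overflow the slot. */
int vimvar_init(struct vimvar_fixed *v, const char *name)
{
    size_t len = strlen(name);
    if (len >= sizeof v->vv_di.di_key)
        return -1;
    v->vv_name = name;
    v->vv_di.di_flags = 0;
    memcpy(v->vv_di.di_key, name, len + 1);
    return 0;
}

/* Initialise a whole table; returns the number of entries set up, which
 * is less than n when a name does not fit (the index of the failure). */
size_t vimvar_init_table(struct vimvar_fixed *vars,
                         const char *const *names, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (vimvar_init(&vars[i], names[i]) != 0)
            break;
    return i;
}

/* Constructed sample table (not vim's real list of v: variables);
 * the last name is deliberately longer than VV_KEY_MAX. */
static const char *const sample_names[] = {
    "count", "errmsg", "this_session", "charconvert_from",
    "a_name_that_is_far_too_long_for_the_key_slot"
};
#define SAMPLE_COUNT (sizeof sample_names / sizeof sample_names[0])

int main(void)
{
    struct vimvar_fixed vars[SAMPLE_COUNT];
    size_t ok = vimvar_init_table(vars, sample_names, SAMPLE_COUNT);

    printf("hack layout room: %zu bytes, fortified strcpy sees: %zu\n",
           hack_key_room(), sizeof ((struct vimvar_hack *)0)->vv_di.di_key);
    printf("%zu of %zu names fit in the %d-byte key slot\n",
           ok, SAMPLE_COUNT, VV_KEY_MAX);
    return 0;
}
```

The check in `vimvar_init` is the "real size" test comment 9 asks for: the copy is refused up front instead of relying on the compiler's object-size accounting to catch it after the fact, which is what turned a silent overwrite into a startup abort once the package was built with fortification.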
Comment 16 Karsten Hopp 2009-08-03 13:15:46 EDT
I've built a version with Adam's patch. You can download it from
http://koji.fedoraproject.org/koji/taskinfo?taskID=1576386 until it shows up in Rawhide
Comment 17 Tom London 2009-08-03 13:25:24 EDT
Looks like 

vim-common-7.2.245-2.fc12.x86_64
vim-minimal-7.2.245-2.fc12.x86_64
vim-debuginfo-7.2.245-2.fc12.x86_64
vim-enhanced-7.2.245-2.fc12.x86_64

"Works for me" on a few test cases that immediately crashed before.
Comment 18 Valdis Kletnieks 2009-08-03 22:30:39 EDT
Confirming - koji 7.2.245-2-fc12.x86_64 works here too. Thanks for the quick patch. :)
Comment 19 Tom London 2009-08-04 18:24:40 EDT
Fix good enough to close this?