stack-buffer-overflow in ex_finally function
https://raw.githubusercontent.com/xiowane/testfile/main/test
./vim -u NONE -i NONE -n -m -X -Z -e -s -S /src/results/crashes/test -c :qa!
=================================================================
==316==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffed0ad1d3e at pc 0x55cfb2a25f1c bp 0x7ffed0ad1a20 sp 0x7ffed0ad1a18
READ of size 2 at 0x7ffed0ad1d3e thread T0
#0 0x55cfb2a25f1b in ex_finally /src/src/ex_eval.c:1956:6
#1 0x55cfb29b8606 in do_one_cmd /src/src/ex_docmd.c:2569:2
#2 0x55cfb29b8606 in do_cmdline /src/src/ex_docmd.c:990:17
#3 0x55cfb313b072 in do_source_ext /src/src/scriptfile.c:1667:5
#4 0x55cfb314d1ae in do_source /src/src/scriptfile.c:1811:12
#5 0x55cfb314d1ae in cmd_source /src/src/scriptfile.c:1163:14
#6 0x55cfb314d1ae in ex_source /src/src/scriptfile.c:1189:2
#7 0x55cfb29b8606 in do_one_cmd /src/src/ex_docmd.c:2569:2
#8 0x55cfb29b8606 in do_cmdline /src/src/ex_docmd.c:990:17
#9 0x55cfb37d96d8 in do_cmdline_cmd /src/src/ex_docmd.c:584:12
#10 0x55cfb37d96d8 in exe_commands /src/src/main.c:3139:2
#11 0x55cfb37d96d8 in vim_main2 /src/src/main.c:781:2
#12 0x55cfb37d13ca in main /src/src/main.c:432:12
#13 0x7f1adb39cd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
#14 0x7f1adb39ce3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
#15 0x55cfb2512344 in _start (/src/src/vim+0x2d5344) (BuildId: 1061b7518be8a6bf)
Address 0x7ffed0ad1d3e is located in stack of thread T0 at offset 670 in frame
#0 0x55cfb29a37af in do_cmdline /src/src/ex_docmd.c:624
This frame has 9 object(s):
[32, 36) 'bad_char_idx.i' (line 5397)
[48, 56) 'errormsg.i' (line 1730)
[80, 264) 'ea.i' (line 1732)
[336, 576) 'save_cmdmod.i' (line 1733)
[640, 648) 'cmdline_copy' (line 626)
[672, 2256) 'cstack' (line 634) <== Memory access at offset 670 underflows this variable
[2384, 2408) 'lines_ga' (line 635)
[2448, 2456) 'private_msg_list' (line 644)
[2480, 2512) 'cmd_loop_cookie' (line 649)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /src/src/ex_eval.c:1956:6 in ex_finally
Shadow bytes around the buggy address:
==316==ABORTING