Paul Dufresne, le dim. 28 févr. 2021 01:01:10 -0500, a ecrit: > #26 0x031e5fa4 in abort () at /lib/i386-gnu/libc.so.0.3 > #27 0x03279e6f in () at /lib/i386-gnu/libc.so.0.3 > #28 0x0328177d in () at /lib/i386-gnu/libc.so.0.3 > #29 0x03282bbd in () at /lib/i386-gnu/libc.so.0.3 > #30 0x0817f5f1 in vim_free (x=0x100a4e30) at misc2.c:1807 > #31 0x081232e5 in unix_expandpath (gap=0x4805234, path=0x100328c0 "Xdir/", 'd' > <repeats 195 times>..., wildoff=773, flags=34, didstar=1) at filepath.c:3665
So this is trying to free buf() which was allocated at the beginning of unix_expandpath with size STRLEN(path) + BASENAMELEN + 5. I guess that length could simply be bogus, thus the overflow. It would then be useful to check whether it's indeed long enough, by looking what is happening to buf (and its aliases: p, s). Samuel
