Hi
I observe the following access to freed memory with both
Vim-7.2.466 and Vim-7.3b BETA (2411:ca3f40b0d95e):
==4135== Invalid read of size 1
==4135== at 0x808B1D0: set_var_lval (eval.c:2855)
==4135== by 0x808B3AE: var_redir_stop (eval.c:1147)
==4135== by 0x80A44EC: close_redir (ex_docmd.c:8758)
==4135== by 0x80A4754: ex_redir (ex_docmd.c:8654)
==4135== by 0x80AD7A6: do_one_cmd (ex_docmd.c:2656)
==4135== by 0x80ABC87: do_cmdline (ex_docmd.c:1122)
==4135== by 0x809F801: do_source (ex_cmds2.c:3204)
==4135== by 0x809FED4: cmd_source (ex_cmds2.c:2809)
==4135== by 0x80AD7A6: do_one_cmd (ex_docmd.c:2656)
==4135== by 0x80ABC87: do_cmdline (ex_docmd.c:1122)
==4135== by 0x8126B0E: nv_colon (normal.c:5318)
==4135== by 0x8128A50: normal_cmd (normal.c:1190)
==4135== Address 0x504dff1 is 1 bytes inside a block of size 17 free'd
==4135== at 0x4024B8A: free (vg_replace_malloc.c:366)
==4135== by 0x807FE91: dict_free (eval.c:6863)
==4135== by 0x807FD97: clear_tv (eval.c:19156)
==4135== by 0x808A43F: set_var (eval.c:19781)
==4135== by 0x808B300: set_var_lval (eval.c:2851)
==4135== by 0x808EDF7: ex_let_one (eval.c:2467)
==4135== by 0x808F372: ex_let_vars (eval.c:1922)
==4135== by 0x808F97A: ex_let (eval.c:1887)
==4135== by 0x80AD7A6: do_one_cmd (ex_docmd.c:2656)
==4135== by 0x80ABC87: do_cmdline (ex_docmd.c:1122)
==4135== by 0x809F801: do_source (ex_cmds2.c:3204)
==4135== by 0x809FED4: cmd_source (ex_cmds2.c:2809)
...several other related errors after that and memory leaks when exiting Vim...
==4201== 149 bytes in 1 blocks are definitely lost in loss record 94 of 114
==4201== at 0x4024F70: malloc (vg_replace_malloc.c:236)
==4201== by 0x81106E7: lalloc (misc2.c:919)
==4201== by 0x8110998: alloc (misc2.c:818)
==4201== by 0x8101052: concat_str (misc1.c:4704)
==4201== by 0x8082193: tv_op (eval.c:3012)
==4201== by 0x808B311: set_var_lval (eval.c:2921)
==4201== by 0x808B3AE: var_redir_stop (eval.c:1147)
==4201== by 0x80A44EC: close_redir (ex_docmd.c:8758)
==4201== by 0x80A4754: ex_redir (ex_docmd.c:8654)
==4201== by 0x80AD7A6: do_one_cmd (ex_docmd.c:2656)
==4201== by 0x80ABC87: do_cmdline (ex_docmd.c:1122)
==4201== by 0x809F801: do_source (ex_cmds2.c:3204)
Steps to reproduce:

1) Create the following "use-free-mem.vim" script:

   $ cat use-free-mem.vim
   let temp={}
   while 1
     redir => temp[0]
     exe "silent! ls"
     redir END
   endwhile

2) Start vim with:

   $ valgrind --leak-check=yes vim -u NONE use-free-mem.vim 2> /tmp/valgrind.log

3) Run Ex command: :so %
4) Press CTRL-C to interrupt the infinite loop
5) Rerun the same Ex command: :so %
6) Observe errors in /tmp/valgrind.log
I have not yet been able to fix it.
Script "use-free-mem.vim" is a simplified way to reproduce
a bug which I initially saw while using the csv plugin [1] from
Christian Brabandt, where pressing CTRL-C while processing
a large csv file triggered that error.
[1] http://www.vim.org/scripts/script.php?script_id=2830
Regards
-- Dominique
--
You received this message from the "vim_dev" maillist.
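An added triage example, not part of the original message and not Vim's own code: it parses Memcheck output of the kind quoted above, pairs each invalid access with the stack that freed the block, and lists the functions found on both stacks, innermost access frame first, as a starting point for review. The names `parse_use_after_free` and `shared_functions` are hypothetical, and the sample log is constructed by abbreviating the report in the message.

```python
import re
# Constructed sample: frames abbreviated from the Valgrind report quoted above.
SAMPLE_LOG = """\
==4135== Invalid read of size 1
==4135==    at 0x808B1D0: set_var_lval (eval.c:2855)
==4135==    by 0x808B3AE: var_redir_stop (eval.c:1147)
==4135==    by 0x80A44EC: close_redir (ex_docmd.c:8758)
==4135==  Address 0x504dff1 is 1 bytes inside a block of size 17 free'd
==4135==    at 0x4024B8A: free (vg_replace_malloc.c:366)
==4135==    by 0x807FE91: dict_free (eval.c:6863)
==4135==    by 0x807FD97: clear_tv (eval.c:19156)
==4135==    by 0x808A43F: set_var (eval.c:19781)
==4135==    by 0x808B300: set_var_lval (eval.c:2851)
==4135==    by 0x808EDF7: ex_let_one (eval.c:2467)
"""

ACCESS = re.compile(r"==\d+==\s+Invalid (read|write) of size (\d+)")
FREED = re.compile(r"==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside "
                   r"a block of size (\d+) free'd")
FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)\s*$")

def parse_use_after_free(log):
    """Return invalid accesses that Memcheck attributes to a freed block."""
    reports, cur, stack = [], None, None
    for line in log.splitlines():
        if m := ACCESS.match(line):
            cur = {"kind": m[1], "size": int(m[2]), "access": [], "freed": []}
            reports.append(cur)
            stack = cur["access"]          # frames that touched the memory
        elif cur and (m := FREED.match(line)):
            cur["offset"], cur["block"] = int(m[1]), int(m[2])
            stack = cur["freed"]           # frames that released the block
        elif stack is not None and (m := FRAME.match(line)):
            stack.append((m[1], m[2]))     # (function, file:line)
        else:
            cur = stack = None             # any other line ends the record
    return [r for r in reports if r["freed"]]

def shared_functions(report):
    """Functions on both stacks: (name, access location, free location)."""
    freed = dict(report["freed"])
    return [(fn, loc, freed[fn]) for fn, loc in report["access"] if fn in freed]

if __name__ == "__main__":
    for r in parse_use_after_free(SAMPLE_LOG):
        print(f"invalid {r['kind']} of {r['size']} byte(s) at offset "
              f"{r['offset']} of a freed {r['block']}-byte block")
        for fn, used, released in shared_functions(r):
            print(f"  {fn}: access at {used}, free path via {released}")
```

Run against the full /tmp/valgrind.log, the outer command-dispatch frames common to both stacks are listed as well, after the innermost match.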