Dominique Pelle wrote:

> I observe the following access to free memory with both
> Vim-7.2.466 and Vim-7.3b BETA (2411:ca3f40b0d95e):
> 
> ==4135== Invalid read of size 1
> ==4135==    at 0x808B1D0: set_var_lval (eval.c:2855)
> ==4135==    by 0x808B3AE: var_redir_stop (eval.c:1147)
> ==4135==    by 0x80A44EC: close_redir (ex_docmd.c:8758)
> ==4135==    by 0x80A4754: ex_redir (ex_docmd.c:8654)
> ==4135==    by 0x80AD7A6: do_one_cmd (ex_docmd.c:2656)
> ==4135==    by 0x80ABC87: do_cmdline (ex_docmd.c:1122)
> ==4135==    by 0x809F801: do_source (ex_cmds2.c:3204)
> ==4135==    by 0x809FED4: cmd_source (ex_cmds2.c:2809)
> ==4135==    by 0x80AD7A6: do_one_cmd (ex_docmd.c:2656)
> ==4135==    by 0x80ABC87: do_cmdline (ex_docmd.c:1122)
> ==4135==    by 0x8126B0E: nv_colon (normal.c:5318)
> ==4135==    by 0x8128A50: normal_cmd (normal.c:1190)
> ==4135==  Address 0x504dff1 is 1 bytes inside a block of size 17 free'd
> ==4135==    at 0x4024B8A: free (vg_replace_malloc.c:366)
> ==4135==    by 0x807FE91: dict_free (eval.c:6863)
> ==4135==    by 0x807FD97: clear_tv (eval.c:19156)
> ==4135==    by 0x808A43F: set_var (eval.c:19781)
> ==4135==    by 0x808B300: set_var_lval (eval.c:2851)
> ==4135==    by 0x808EDF7: ex_let_one (eval.c:2467)
> ==4135==    by 0x808F372: ex_let_vars (eval.c:1922)
> ==4135==    by 0x808F97A: ex_let (eval.c:1887)
> ==4135==    by 0x80AD7A6: do_one_cmd (ex_docmd.c:2656)
> ==4135==    by 0x80ABC87: do_cmdline (ex_docmd.c:1122)
> ==4135==    by 0x809F801: do_source (ex_cmds2.c:3204)
> ==4135==    by 0x809FED4: cmd_source (ex_cmds2.c:2809)
> 
> ...several other related errors after that and memory leaks when exiting Vim...
> 
> ==4201== 149 bytes in 1 blocks are definitely lost in loss record 94 of 114
> ==4201==    at 0x4024F70: malloc (vg_replace_malloc.c:236)
> ==4201==    by 0x81106E7: lalloc (misc2.c:919)
> ==4201==    by 0x8110998: alloc (misc2.c:818)
> ==4201==    by 0x8101052: concat_str (misc1.c:4704)
> ==4201==    by 0x8082193: tv_op (eval.c:3012)
> ==4201==    by 0x808B311: set_var_lval (eval.c:2921)
> ==4201==    by 0x808B3AE: var_redir_stop (eval.c:1147)
> ==4201==    by 0x80A44EC: close_redir (ex_docmd.c:8758)
> ==4201==    by 0x80A4754: ex_redir (ex_docmd.c:8654)
> ==4201==    by 0x80AD7A6: do_one_cmd (ex_docmd.c:2656)
> ==4201==    by 0x80ABC87: do_cmdline (ex_docmd.c:1122)
> ==4201==    by 0x809F801: do_source (ex_cmds2.c:3204)
> 
> Steps to reproduce:
> 
> 1) Create the following "use-free-mem.vim" script:
> 
>    $ cat use-free-mem.vim
>    let temp={}
>    while 1
>      redir => temp[0]
>          exe "silent! ls"
>      redir END
>    endwhile
> 
> 2) Start vim with:
> 
>    $ valgrind --leak-check=yes vim -u NONE use-free-mem.vim 2> /tmp/valgrind.log
> 
> 3) Run Ex command:   :so %
> 
> 4) Press CTRL-C to interrupt the infinite loop
> 
> 5) Rerun the same Ex command:   :so %
> 
> 6) Observe errors in /tmp/valgrind.log
> 
> I have not yet been able to fix it.
> 
> Script "use-free-mem.vim" is a simplified way to reproduce
> a bug which I initially saw while using the csv plugin [1] from
> Christian Brabandt, where pressing CTRL-C while processing
> a large csv file triggered that error.
> 
> [1] http://www.vim.org/scripts/script.php?script_id=2830

I'll add it to the todo list.  But perhaps you can figure out how to fix it.

-- 
No children may attend school with their breath smelling of "wild onions."
                [real standing law in West Virginia, United States of America]

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
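
The memcheck report quoted above pairs the stack of the invalid read with the stack that freed the block. As an added example (not code from this thread or from Vim), the Python script below parses such a report and lists the functions that appear on both stacks. The sample log is an abridged copy of the quoted trace, and the names `parse_use_after_free` and `shared_functions` are assumptions of this example.

```python
import re

# Constructed sample: an abridged copy of the memcheck report quoted in the thread.
SAMPLE_LOG = """\
==4135== Invalid read of size 1
==4135==    at 0x808B1D0: set_var_lval (eval.c:2855)
==4135==    by 0x808B3AE: var_redir_stop (eval.c:1147)
==4135==    by 0x80A44EC: close_redir (ex_docmd.c:8758)
==4135==    by 0x80A4754: ex_redir (ex_docmd.c:8654)
==4135==  Address 0x504dff1 is 1 bytes inside a block of size 17 free'd
==4135==    at 0x4024B8A: free (vg_replace_malloc.c:366)
==4135==    by 0x807FE91: dict_free (eval.c:6863)
==4135==    by 0x807FD97: clear_tv (eval.c:19156)
==4135==    by 0x808A43F: set_var (eval.c:19781)
==4135==    by 0x808B300: set_var_lval (eval.c:2851)
==4135==    by 0x808EDF7: ex_let_one (eval.c:2467)
"""

PREFIX = re.compile(r"^(?:>\s*)*==\d+==")  # "==PID==", tolerating mail-quote markers
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
ACCESS = re.compile(r"^Invalid (read|write) of size (\d+)")
FREED = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) free'd")

def parse_use_after_free(log):
    """Return one dict per invalid access that memcheck ties to a freed block."""
    findings, cur, stack = [], None, None
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # not memcheck output (mail text, script lines, ...)
        text = raw[m.end():].strip()
        if (a := ACCESS.match(text)):
            cur = {"kind": a.group(1), "size": int(a.group(2)), "access": [], "free": []}
            stack = cur["access"]  # frames that follow belong to the access stack
        elif cur and (f := FREED.match(text)):
            cur["offset"], cur["block"] = int(f.group(1)), int(f.group(2))
            stack = cur["free"]  # frames that follow belong to the free stack
            findings.append(cur)
        elif cur and (fr := FRAME.match(text)):
            stack.append((fr.group(1), fr.group(2)))
        else:
            cur = None  # blank line or another error kind ends the record
    return findings

def shared_functions(finding):
    """Functions present on both the access and the free stack, in access-stack order."""
    freed_in = {fn for fn, _ in finding["free"]}
    return [fn for fn, _ in finding["access"] if fn in freed_in]
```

On the full trace the shared list also contains the generic dispatch frames (`do_one_cmd`, `do_cmdline`, `do_source`, `cmd_source`), so the innermost shared entry is the one to read first.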
