On 10/14/07, Dominique Pelle <[EMAIL PROTECTED]> wrote:
> Hi,
>
> The Valgrind memory checker finds use of uninitialized memory in
> vim7/src/diff.c when diffing 3 files or more. I don't see such
> errors when diffing 2 files only.
>
> I can reproduce the problem by diffing 3 vim source files for example:
>
> $ cd vim7/src
> $ valgrind ./vim -u NONE -U NONE -d syntax.c spell.c screen.c 2> vg.log
>
> (admittedly it does not make much sense to diff those 3 files but
> it shows the bug)
>
> ==24682== Conditional jump or move depends on uninitialised value(s)
> ==24682== at 0x805964D: diff_infold (diff.c:1964)
> ==24682== by 0x80C644A: foldlevelDiff (fold.c:2991)
> ==24682== by 0x80C5100: foldUpdateIEMS (fold.c:2294)
> ==24682== by 0x80C30C5: foldUpdate (fold.c:861)
> ==24682== by 0x80C3838: checkupdate (fold.c:1226)
> ==24682== by 0x80C220D: hasFoldingWin (fold.c:164)
> ==24682== by 0x8058EB8: diff_set_topline (diff.c:1705)
> ==24682== by 0x8115178: check_scrollbind (normal.c:3975)
> ==24682== by 0x80D7939: main (main.c:903)
...
> 1313 for (i = idx_orig; i < idx_new + !notset; ++i)
> 1314     if (curtab->tp_diffbuf[i] != NULL)
> 1315         dp->df_count[i] = dpl->df_lnum[i] + dpl->df_count[i]
> 1316                           - dp->df_lnum[i] + off;
>
> Adding printf() shows that variable dpl->df_count[i] (on the right)
> is uninitialized at line 1315, so left term dp->df_count[i]
> is also uninitialized as a result.
>
>
> When that happens i == 2, idx_new == 2 and notset is 0 (so !notset is 1).
Just to expand on this error...
I can see that line diff.c:1315 attempts to initialize
dp->df_count[0], dp->df_count[1] and dp->df_count[2].
But only dpl->df_count[0] and dpl->df_count[1] have
been initialized in a previous call to diff_read(...).
So when line 1315 tries to initialize dp->df_count[2],
it uses uninitialized memory (dpl->df_count[2]).
I can see that before the error happens, diff_read(...) has
been called only twice:
* first time with arguments idx_orig=0, idx_new=1, fname=/tmp/v369210/2
* second time with idx_orig=0, idx_new=2, fname=/tmp/v369210/2
The second call uses dpl->df_count[...], which was initialized
in the first call. But the first call only initialized it for
indices 0 to 1, whereas the second call uses it with
indices 0, 1 and 2 (hence the error). How to fix it is
unclear to me.
-- Dominique
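A small C model of the pattern the report describes, added here as an illustration and not Vim's own code: a block type with one slot per buffer (DB_COUNT, the df_set bitmask, fill_partial, propagate_unchecked, propagate_checked and replay_report are all hypothetical names), a first fill that writes slots 0..1 only, and a second pass over 0..2 that replays the diff.c:1315 computation. The checked variant shows one defensive shape (tracking which slots were actually written); it is an assumed mitigation, not the fix that went into Vim.

```c
#include <stdlib.h>

#define DB_COUNT 3  /* hypothetical: number of buffers that can take part in a diff */

/* Hypothetical model of a diff block; df_set (not in Vim) records which slots were filled. */
typedef struct {
    long df_lnum[DB_COUNT];
    long df_count[DB_COUNT];
    unsigned df_set;
} diffblock_T;

/* Mimics the partial fill in the report: a diff_read() over idx_orig..idx_new writes only those slots. */
void fill_partial(diffblock_T *dp, int idx_orig, int idx_new, long lnum, long count)
{
    for (int i = idx_orig; i <= idx_new; ++i) {
        dp->df_lnum[i] = lnum;
        dp->df_count[i] = count;
        dp->df_set |= 1u << i;
    }
}

/* The diff.c:1315 computation as reported: reads dpl->df_count[i] for every i, filled or not. */
void propagate_unchecked(diffblock_T *dp, const diffblock_T *dpl, int idx_orig, int idx_new, long off)
{
    for (int i = idx_orig; i <= idx_new; ++i)
        dp->df_count[i] = dpl->df_lnum[i] + dpl->df_count[i] - dp->df_lnum[i] + off;
}

/* Hardened shape (assumed mitigation, not Vim's fix): skip slots the previous
 * block never filled, and report how many were skipped so a caller can notice. */
int propagate_checked(diffblock_T *dp, const diffblock_T *dpl, int idx_orig, int idx_new, long off)
{
    int skipped = 0;
    for (int i = idx_orig; i <= idx_new; ++i) {
        if (!(dpl->df_set & (1u << i))) { ++skipped; continue; }  /* uninitialized in the report */
        dp->df_count[i] = dpl->df_lnum[i] + dpl->df_count[i] - dp->df_lnum[i] + off;
    }
    return skipped;
}

/* Replays the two calls from the report (0..1, then 0..2); returns the number of skipped slots. */
int replay_report(void)
{
    diffblock_T dpl = {0}, dp = {0};            /* zeroed so the model itself has no undefined read */
    fill_partial(&dpl, 0, 1, 10, 4);            /* first call: idx_orig=0, idx_new=1 */
    fill_partial(&dp,  0, 2, 12, 0);            /* second call: idx_orig=0, idx_new=2 */
    return propagate_checked(&dp, &dpl, 0, 2, 0);  /* slot 2 of dpl was never filled */
}
```

Running the unchecked variant over the same two blocks under Valgrind reproduces the "Conditional jump or move depends on uninitialised value(s)" class of report once the blocks come from malloc() rather than a zeroed initializer.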
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php