Valgrind memory checker detects use of an uninitialised value in vim:
==6865== Conditional jump or move depends on uninitialised value(s)
==6865== at 0x814E0BA: do_xterm_trace (os_unix.c:6121)
==6865== by 0x814E038: start_xterm_trace (os_unix.c:6081)
==6865== by 0x81B25BA: check_termcode (term.c:4301)
==6865== by 0x80D4A58: vgetorpeek (getchar.c:2253)
==6865== by 0x80D3B9C: vgetc (getchar.c:1552)
==6865== by 0x80D4117: safe_vgetc (getchar.c:1757)
==6865== by 0x8121D96: normal_cmd (normal.c:625)
==6865== by 0x80E5A49: main_loop (main.c:1181)
==6865== by 0x80E5599: main (main.c:940)
Steps to reproduce:
1/ Run vim with the mouse option in a terminal:
$ valgrind vim -u NONE -c 'set mouse=a' 2> vg.log
2/ Left click with the mouse anywhere in the terminal to position cursor
3/ Observe the valgrind error at os_unix.c:6121 (do_xterm_trace)
Cursor is positioned properly where I click (no apparent wrong
behavior despite the error).
Code in os_unix.c:
6118     /* Get the hints just before tracking starts.  The font size might
6119      * have changed recently */
6120     XGetWMNormalHints(xterm_dpy, x11_window, &xterm_hints, &got_hints);
6121     if (!(got_hints & PResizeInc)
6122             || xterm_hints.width_inc <= 1
6123             || xterm_hints.height_inc <= 1)
6124     {
6125         xterm_trace = -1;  /* Not enough data -- disable tracing */
6126         return FALSE;
6127     }
When the error happens, the call to XGetWMNormalHints(...) at line 6120 fails
somehow [i.e. it returns a 0 (error), I don't know why]. When
XGetWMNormalHints(...) fails, it does not initialize the output value
got_hints, hence the access to an uninitialized value later at line 6121.
Here is a snippet of the man page of XGetWMNormalHints(...):
-------------------------------------------
The XGetWMNormalHints function returns the size hints stored in the
WM_NORMAL_HINTS property on the specified window. If the property is of type
WM_SIZE_HINTS, is of format 32, and is long enough to contain either an old
(pre-ICCCM) or new size hints structure, XGetWMNormalHints sets the various
fields of the XSizeHints structure, sets the supplied_return argument to the
list of fields that were supplied by the user (whether or not they contained
defined values), and returns a nonzero status. Otherwise, it returns a zero
status.
If XGetWMNormalHints returns successfully and a pre-ICCCM size hints property
is read, the supplied_return argument will contain the following bits:
-------------------------------------------
I attach a patch which fixes it by checking the return value of
XGetWMNormalHints(...). It would be interesting to know why
XGetWMNormalHints(...) failed in the first place though.
I am using vim-7.1 (Patches 1-220) built with 'configure --with-feature=huge',
without optimizations (-g -O0) on Linux in a gnome-terminal.
-- Dominique
Index: os_unix.c
===================================================================
RCS file: /cvsroot/vim/vim7/src/os_unix.c,v
retrieving revision 1.75
diff -c -r1.75 os_unix.c
*** os_unix.c 3 Jan 2008 17:55:44 -0000 1.75
--- os_unix.c 13 Jan 2008 07:57:25 -0000
***************
*** 6117,6124 ****
{
/* Get the hints just before tracking starts. The font size might
* have changed recently */
! XGetWMNormalHints(xterm_dpy, x11_window, &xterm_hints, &got_hints);
! if (!(got_hints & PResizeInc)
|| xterm_hints.width_inc <= 1
|| xterm_hints.height_inc <= 1)
{
--- 6117,6124 ----
{
/* Get the hints just before tracking starts. The font size might
* have changed recently */
! if (!XGetWMNormalHints(xterm_dpy, x11_window, &xterm_hints, &got_hints)
! || !(got_hints & PResizeInc)
|| xterm_hints.width_inc <= 1
|| xterm_hints.height_inc <= 1)
{
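Review bot: the new condition at 6120-6121 is safe only because || short-circuits, so got_hints and xterm_hints are read only after XGetWMNormalHints() returns nonzero, yet the comment above it still mentions nothing but the font size. Add a line to that comment saying a zero status leaves got_hints unset, so a later reordering of the tests does not bring the uninitialised read back. A failed call also now takes the same branch as a missing PResizeInc, which in the code quoted earlier in the message sets xterm_trace = -1 and disables tracing; if the failure can be transient, consider returning FALSE for that case without disabling tracing.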