On Feb 5, 2008 8:40 AM, Tony Mechelynck <[EMAIL PROTECTED]> wrote:
>
> Kazuo Teramoto wrote:
> >> Same (start at X, stop at Y) for
> >> :call search("^", "e")
> >> :call search("^", "ce")
> >
> > Ouch, for me this is a little more serious: if I try these calls my vim
> > always segfaults (I don't need a test file, and I am using -u NONE -U none).
> > I don't know what needs to be posted, but the :version is
> >
> > VIM - Vi IMproved 7.0 (2006 May 7, compiled Aug 29 2007 10:59:43)
> > Included patches: 1-122, 234-235, 39
> > Big version without GUI. Features included (+) or not (-):
>
> ??? with patch 39 applied twice ??? none of 123-233 (a hundred and eleven
> missing patches) ??? and no "compiled-by" line ??? Oh, and it's a 7.0 anyway.
> Maybe you ought to install a 7.1 version (of which the current patchlevel is
> 7.1.242)? See my "HowTo" page,
> http://users.skynet.be/antoine.mechelynck/vim/compunix.htm

I have a normal installation of vim-7.1.242 (all patches) and it's
crashing for me as well. I have the same version of vim on
2 machines (one Linux x86 and one Linux x86_64) and it's
crashing on the x86_64 machine only.

As soon as I type ":call search('\_s*a\_s*','e')" I get a core dump
on the x86_64 machine:

$ ./vim
Vim: Caught deadly signal SEGV
Vim: preserving files...
Vim: Finished.
Segmentation fault (core dumped)
$ gdb ./vim core
...
Core was generated by `./vim'.
Program terminated with signal 11, Segmentation fault.
#0 0x00002b71866ebe47 in kill () from /lib64/libc.so.6
(gdb) bt
#0 0x00002b71866ebe47 in kill () from /lib64/libc.so.6
#1 0x000000000050e38d in may_core_dump () at os_unix.c:2950
#2 0x000000000050e328 in mch_exit (r=1) at os_unix.c:2915
#3 0x00000000004a5eb3 in getout (exitval=1) at main.c:1342
#4 0x00000000004d2128 in preserve_exit () at misc1.c:8355
#5 0x000000000050c73d in deathtrap (sigarg=11) at os_unix.c:1030
#6 <signal handler called>
#7 0x00000000004e0b33 in utf_head_off (base=0x9251c4 "c Y",
p=0x1009251c3 <Address 0x1009251c3 out of bounds>) at mbyte.c:2480
#8 0x0000000000539235 in searchit (win=0x831b90, buf=0x8333f0,
pos=0x7fff2690fa00, dir=1, pat=0x947c80 "\\_s*a\\_s*", count=1,
options=1088, pat_use=0, stop_lnum=0, tm=0x7fff2690f9e0) at search.c:848
#9 0x00000000004420e7 in search_cmn (argvars=0x7fff2690fbc0, match_pos=0x0,
flagsp=0x7fff2690fa8c) at eval.c:14077
#10 0x00000000004421cc in f_search (argvars=0x7fff2690fbc0,
rettv=0x7fff2690fd80) at eval.c:14120
#11 0x0000000000439522 in call_func (name=0x986920 "search", len=6,
rettv=0x7fff2690fd80, argcount=2, argvars=0x7fff2690fbc0, firstline=1,
lastline=1, doesrange=0x7fff2690fd7c, evaluate=1, selfdict=0x0)
at eval.c:7632
#12 0x0000000000439043 in get_func_tv (name=0x986920 "search", len=6,
rettv=0x7fff2690fd80, arg=0x7fff2690fda0, firstline=1, lastline=1,
doesrange=0x7fff2690fd7c, evaluate=1, selfdict=0x0) at eval.c:7450
#13 0x0000000000432c73 in ex_call (eap=0x7fff2690fe80) at eval.c:3215
#14 0x0000000000463c6b in do_one_cmd (cmdlinep=0x7fff26910528, sourcing=0,
cstack=0x7fff26910080, fgetline=0x47821a <getexline>, cookie=0x0)
at ex_docmd.c:2623
#15 0x000000000046146a in do_cmdline (cmdline=0x0,
getline=0x47821a <getexline>, cookie=0x0, flags=0) at ex_docmd.c:1099
#16 0x00000000004ebdd2 in nv_colon (cap=0x7fff26910670) at normal.c:5179
#17 0x00000000004e4dd8 in normal_cmd (oap=0x7fff26910730, toplevel=1)
at normal.c:1152
#18 0x00000000004a5be2 in main_loop (cmdwin=0, noexmode=0) at main.c:1181
#19 0x00000000004a572e in main (argc=1, argv=0x7fff26910a28) at main.c:940
(gdb) up
#1 0x000000000050e38d in may_core_dump () at os_unix.c:2950
2950 kill(getpid(), deadly_signal); /* Die using the signal we caught */
(gdb)
#2 0x000000000050e328 in mch_exit (r=1) at os_unix.c:2915
2915 may_core_dump();
(gdb)
#3 0x00000000004a5eb3 in getout (exitval=1) at main.c:1342
1342 mch_exit(exitval);
(gdb)
#4 0x00000000004d2128 in preserve_exit () at misc1.c:8355
8355 getout(1);
(gdb)
#5 0x000000000050c73d in deathtrap (sigarg=11) at os_unix.c:1030
1030 preserve_exit(); /* preserve files and exit */
(gdb)
#6 <signal handler called>
(gdb)
#7 0x00000000004e0b33 in utf_head_off (base=0x9251c4 "c Y",
p=0x1009251c3 <Address 0x1009251c3 out of bounds>) at mbyte.c:2480
2480 if (*p < 0x80) /* be quick for ASCII */
(gdb) p p
$1 = (char_u *) 0x1009251c3 <Address 0x1009251c3 out of bounds>

-> pointer 'p' is invalid

Valgrind memory checker also detects a problem when
doing ":call search('\_s*a\_s*','e')" at the same location
on the x86_64 machine (no problem detected on the
x86 machine):

==13671== Invalid read of size 1
==13671== at 0x4E0B33: utf_head_off (mbyte.c:2480)
==13671== by 0x539234: searchit (search.c:848)
==13671== by 0x4420E6: search_cmn (eval.c:14077)
==13671== by 0x4421CB: f_search (eval.c:14120)
==13671== by 0x439521: call_func (eval.c:7632)
==13671== by 0x439042: get_func_tv (eval.c:7450)
==13671== by 0x432C72: ex_call (eval.c:3215)
==13671== by 0x463C6A: do_one_cmd (ex_docmd.c:2623)
==13671== by 0x461469: do_cmdline (ex_docmd.c:1099)
==13671== by 0x4EBDD1: nv_colon (normal.c:5179)
==13671== by 0x4E4DD7: normal_cmd (normal.c:1152)
==13671== by 0x4A5BE1: main_loop (main.c:1181)
==13671== by 0x4A572D: main (main.c:940)
==13671== Address 0x10b5e697f is not stack'd, malloc'd or (recently) free'd

I can reproduce it 100% of the time.

-- Dominique
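
Added example, not part of the original message and not Vim's code: in frame #7, p minus base is exactly 0xFFFFFFFF, which is what you get when a 32-bit unsigned value of -1 is added to a 64-bit pointer. The sketch below reproduces that arithmetic with the addresses from the backtrace; the unsigned 32-bit column type (col_t) and the function names are assumptions for illustration, and the post itself does not state the root cause.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for illustration: the column offset is an unsigned 32-bit type. */
typedef uint32_t col_t;

/* 64-bit address space: col - 1 is evaluated in 32-bit unsigned arithmetic,
 * so col == 0 gives 0xFFFFFFFF, which is zero-extended before the add.
 * The result lands 4 GiB - 1 bytes past base instead of 1 byte before it. */
uint64_t addr_64bit(uint64_t base, col_t col)
{
    col_t off = col - 1;
    return base + (uint64_t)off;
}

/* 32-bit address space: the addition itself wraps modulo 2^32, so the same
 * underflow silently yields base - 1 and the read does not fault. */
uint32_t addr_32bit(uint32_t base, col_t col)
{
    col_t off = col - 1;
    return base + off;
}

/* Guarded form: refuse to step back from column 0.
 * Returns 0 and stores the address on success, -1 on underflow. */
int addr_checked(uint64_t base, col_t col, uint64_t *out)
{
    if (col == 0)
        return -1;
    *out = base + (uint64_t)(col - 1);
    return 0;
}

int main(void)
{
    const uint64_t base = 0x9251c4; /* 'base' from frame #7 of the backtrace */
    uint64_t safe;

    printf("64-bit: 0x%" PRIx64 "\n", addr_64bit(base, 0));
    printf("32-bit: 0x%" PRIx32 "\n", addr_32bit((uint32_t)base, 0));
    printf("guarded col=0: %d\n", addr_checked(base, 0, &safe));
    return 0;
}
```

With base = 0x9251c4 and a column of 0, the 64-bit result equals the out-of-bounds p shown by gdb, while the 32-bit result is just base - 1, which would explain why only the x86_64 build faults.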