Dominique Pelle wrote:
> On Feb 12, 2008 9:55 PM, Ankit Jain <[EMAIL PROTECTED]> wrote:
>
> > Hi,
> >
> > > When I run this I get an error for not being able to connect. Thus you
> > > probably do this with a running netbeans. Perhaps the netbeans side has
> > > something to do with this?
> >
> > No, actually I'm trying to embed this in MonoDevelop. You can reproduce this
> > w/o that too --
> >
> > start this on one terminal-> netcat -l -p 9000
> > And from another do
> > gvim --servername abc -nb:localhost:9000:foo
> >
> > You should get a connection on first term,
> >
> > AUTH foo
> > 0:version=0 "2.4"
> > 0:startupDone=0
> >
> > Type this in that terminal-
> > 1:create!1
> >
> > Now you can try hello and then backspace in gvim, should repro the
> > bug.
>
>
> I'm not familiar with netbeans, but I tried what you just described and
> I could reproduce the bug.
>
> I then tried it with valgrind memory checker and it detected a
> bug (access to freed memory):
>
> $ valgrind ./vim -g --servername abc -nb:localhost:9000:foo 2> vg.log
>
> ==28631== Invalid read of size 1
> ==28631== at 0x40238D0: memmove (mc_replace_strmem.c:514)
> ==28631== by 0x81087DC: del_bytes (misc1.c:2289)
> ==28631== by 0x810857A: del_chars (misc1.c:2179)
> ==28631== by 0x81084E7: del_char (misc1.c:2152)
> ==28631== by 0x806FDED: ins_bs (edit.c:8566)
> ==28631== by 0x8064875: edit (edit.c:1057)
> ==28631== by 0x812F6E4: invoke_edit (normal.c:8809)
> ==28631== by 0x812F689: nv_edit (normal.c:8782)
> ==28631== by 0x8122E86: normal_cmd (normal.c:1152)
> ==28631== by 0x80E5D2D: main_loop (main.c:1181)
> ==28631== by 0x80E587D: main (main.c:940)
> ==28631== Address 0x50035FD is 5 bytes inside a block of size 6 free'd
> ==28631== at 0x402237F: free (vg_replace_malloc.c:233)
> ==28631== by 0x8113F5D: vim_free (misc2.c:1580)
> ==28631== by 0x80F8650: ml_flush_line (memline.c:3149)
> ==28631== by 0x80FAE99: ml_find_line_or_offset (memline.c:4719)
> ==28631== by 0x81E0E29: pos2off (netbeans.c:3529)
> ==28631== by 0x81DFF27: netbeans_removed (netbeans.c:2988)
> ==28631== by 0x8108764: del_bytes (misc1.c:2277)
> ==28631== by 0x810857A: del_chars (misc1.c:2179)
> ==28631== by 0x81084E7: del_char (misc1.c:2152)
> ==28631== by 0x806FDED: ins_bs (edit.c:8566)
> ==28631== by 0x8064875: edit (edit.c:1057)
> ==28631== by 0x812F6E4: invoke_edit (normal.c:8809)
> ==28631== by 0x812F689: nv_edit (normal.c:8782)
> ==28631== by 0x8122E86: normal_cmd (normal.c:1152)
> ==28631== by 0x80E5D2D: main_loop (main.c:1181)
> ==28631== by 0x80E587D: main (main.c:940)
>
> memmove(...) is being called on already freed memory.
>
> Here is the relevant code in misc1.c
>
> !!! 2205 oldp = ml_get(lnum);
> ....
> 2275 #ifdef FEAT_NETBEANS_INTG
> 2276 if (was_alloced && usingNetbeans)
> !!! 2277 netbeans_removed(curbuf, lnum, col, count);
> 2278 /* else is handled by ml_replace() */
> 2279 #endif
> 2280 if (was_alloced)
> 2281 newp = oldp; /* use same
> allocated memory */
> 2282 else
> 2283 { /* need to
> allocate a new line */
> 2284 newp = alloc((unsigned)(oldlen + 1 - count));
> 2285 if (newp == NULL)
> 2286 return FAIL;
> 2287 mch_memmove(newp, oldp, (size_t)col);
> 2288 }
> !!! 2289 mch_memmove(newp + col, oldp + col + count, (size_t)movelen);
>
>
> oldp pointer is obtained at line 2205 with ml_get().
> Then call to netbeans_removed(...) frees that memory.
> Then oldp is used later at line 2289 (and valgrind
> then detects the bug).
>
> I'm attaching a patch which seems to fix it for me
> (+ a few typos).
>
> I'm using vim-7.1.245 on Linux x86 built with
> "configure --with-features=huge".
Thanks for the patch. However, this reveals that when using Netbeans
the optimization to not re-allocate the line doesn't make sense. I'll
set was_alloced to FALSE when Netbeans is active. That should be a
simpler solution.
--
Bypasses are devices that allow some people to dash from point A to
point B very fast while other people dash from point B to point A very
fast. People living at point C, being a point directly in between, are
often given to wonder what's so great about point A that so many people
from point B are so keen to get there and what's so great about point B
that so many people from point A are so keen to get there. They often
wish that people would just once and for all work out where the hell
they wanted to be.
-- Douglas Adams, "The Hitchhiker's Guide to the Galaxy"
/// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
