2008/7/9 Bram Moolenaar <[EMAIL PROTECTED]>:
> George V. Reilly wrote:
>
>> An autocmd, selectbuf#BufNew, is calling set cpo&vim. Vim is freeing
>> invalid memory for the old value from did_set_string_option. The
>> previous value was (probably) set by vim72a\menu.vim.
>>
>> I think get_varp_scope() is at fault.
>
> Hmm, could it be patch 7.2a.019? No, that only changed something for
> non-string options.

You're freeing empty_option, as returned by get_varp().
Look at how many times 0x1`4035cffa recurs below.

Callstack from WinDbg:

0:000> kp
Child-SP          RetAddr           Call Site
00000000`0012ece0 00000001`40153e79 gvimd!free_string_option(unsigned char * p = 0x00000001`4035cffa "")+0x1d [z:\vimsrc\vim7.2\src\option.c @ 5171]
00000000`0012ed10 00000001`40069370 gvimd!set_string_option_direct(unsigned char * name = 0x00000001`4031e400 "buftype", int opt_idx = -1, unsigned char * val = 0x00000001`4031e3f4 "help", int opt_flags = 5, int set_sid = 0)+0x129 [z:\vimsrc\vim7.2\src\option.c @ 5312]
00000000`0012ed70 00000001`40170f62 gvimd!do_ecmd(int fnum = 2, unsigned char * ffname = 0x00000000`00000000 "", unsigned char * sfname = 0x00000000`00000000 "", struct exarg * eap = 0x00000000`00000000, long newlnum = 1, int flags = 3)+0x950 [z:\vimsrc\vim7.2\src\ex_cmds.c @ 3454]
00000000`0012ee80 00000001`40175b8d gvimd!qf_jump(struct qf_info_S * qi = 0x00000001`4035ea30, int dir = 0, int errornr = 0, int forceit = 0)+0xc32 [z:\vimsrc\vim7.2\src\quickfix.c @ 1747]
00000000`0012efb0 00000001`4007ed20 gvimd!ex_helpgrep(struct exarg * eap = 0x00000000`0012f1d0)+0x5ad [z:\vimsrc\vim7.2\src\quickfix.c @ 3901]
00000000`0012f140 00000001`4007c074 gvimd!do_one_cmd(unsigned char ** cmdlinep = 0x00000000`0012f330, int sourcing = 0, struct condstack * cstack = 0x00000000`0012f3e0, <function> * fgetline = 0x00000001`40003508, void * cookie = 0x00000000`00000000)+0x1c60 [z:\vimsrc\vim7.2\src\ex_docmd.c @ 2622]
00000000`0012f2d0 00000001`4013383a gvimd!do_cmdline(unsigned char * cmdline = 0x00000000`00000000 "", <function> * getline = 0x00000001`40003508, void * cookie = 0x00000000`00000000, int flags = 0)+0x914 [z:\vimsrc\vim7.2\src\ex_docmd.c @ 1099]
00000000`0012f910 00000001`4012c076 gvimd!nv_colon(struct cmdarg_S * cap = 0x00000000`0012f980)+0xda [z:\vimsrc\vim7.2\src\normal.c @ 5185]
00000000`0012f950 00000001`400d3ac7 gvimd!normal_cmd(struct oparg_S * oap = 0x00000000`0012faa0, int toplevel = 1)+0x1106 [z:\vimsrc\vim7.2\src\normal.c @ 1160]
00000000`0012fa60 00000001`400d367a gvimd!main_loop(int cmdwin = 0, int noexmode = 0)+0x407 [z:\vimsrc\vim7.2\src\main.c @ 1180]
00000000`0012fb40 00000001`4022cc2f gvimd!VimMain(void)+0x7ea [z:\vimsrc\vim7.2\src\main.c @ 940]
00000000`0012fd00 00000001`4025e568 gvimd!WinMain(struct HINSTANCE__ * hInstance = 0x00000001`40000000, struct HINSTANCE__ * hPrevInst = 0x00000000`00000000, char * lpszCmdLine = 0x00000000`01b56f1c "-u NONE", int nCmdShow = 10)+0xcf [z:\vimsrc\vim7.2\src\os_w32exe.c @ 131]
00000000`0012fe60 00000001`4025e41e gvimd!__tmainCRTStartup(void)+0x138 [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c @ 263]
00000000`0012ff30 00000000`7791cdcd gvimd!WinMainCRTStartup(void)+0xe [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crt0.c @ 182]
00000000`0012ff60 00000000`77b3c6e1 kernel32!BaseThreadInitThunk+0xd
00000000`0012ff90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d

0:000> dt empty_option
gvimd!empty_option
0x00000001`4035cffa ""

0:000> dt curbuf
gvimd!curbuf
0x00000000`053a9d00
   +0x000 b_ml : memline
   +0x060 b_next : 0x00000000`053da5c0 file_buffer
   +0x068 b_prev : 0x00000000`04752d30 file_buffer
   +0x070 b_nwindows : 1
   +0x074 b_flags : 6
   +0x078 b_ffname : 0x00000000`04fc0090 "c:\vimsrc\vim7.2\runtime\doc\mlang.txt"
   +0x080 b_sfname : 0x00000000`04fcac20 "c:\vimsrc\vim7.2\runtime\doc\mlang.txt"
   +0x088 b_fname : 0x00000000`04fcac20 "c:\vimsrc\vim7.2\runtime\doc\mlang.txt"
   +0x1138 b_p_bh : 0x00000001`4035cffa ""
   +0x1140 b_p_bt : 0x00000001`4035cffa ""
   +0x11b0 b_p_ft : 0x00000001`4035cffa ""
   +0x11d8 b_p_def : 0x00000001`4035cffa ""
   +0x11e0 b_p_inc : 0x00000001`4035cffa ""
   +0x1228 b_p_kp : 0x00000001`4035cffa ""
   +0x1290 b_p_syn : 0x00000001`4035cffa ""
   +0x12e0 b_p_gp : 0x00000001`4035cffa ""
   +0x12e8 b_p_mp : 0x00000001`4035cffa ""
   +0x12f0 b_p_efm : 0x00000001`4035cffa ""
   +0x12f8 b_p_ep : 0x00000001`4035cffa ""
   +0x1300 b_p_path : 0x00000001`4035cffa ""
   +0x1310 b_p_tags : 0x00000001`4035cffa ""
   +0x1318 b_p_dict : 0x00000001`4035cffa ""
   +0x1320 b_p_tsr : 0x00000001`4035cffa ""
   +0x14b0 b_p_bexpr : 0x00000001`4035cffa ""

--
/George V. Reilly [EMAIL PROTECTED]
http://www.georgevreilly.com/blog http://blogs.cozi.com/tech

--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
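
A small model of the pattern visible in the dump, where many option fields hold the address of one static empty string, added here as an illustration; it is not Vim's code and not from this thread. All names (empty_opt, buf_opts, opt_set, opts_on_sentinel) are hypothetical; it shows why a release helper has to compare against the shared sentinel before calling free().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model: one static empty string shared by every unset option.
 * It is not heap memory, so it must never be passed to free(). */
static char empty_opt[] = "";
static int heap_frees = 0;            /* counts real free() calls */

struct buf_opts { char *bt, *ft, *syn; };   /* constructed stand-in */

void opts_init(struct buf_opts *o) { o->bt = o->ft = o->syn = empty_opt; }

/* Release an old option value only when it is heap-owned. */
static void opt_free(char *p)
{
    if (p != NULL && p != empty_opt) { free(p); heap_frees++; }
}

/* Store a copy of val in *slot; "" maps back to the shared sentinel.
 * Returns 0 on success, -1 if allocation fails (slot left unchanged). */
int opt_set(char **slot, const char *val)
{
    char *copy = empty_opt;
    if (val[0] != '\0') {
        copy = malloc(strlen(val) + 1);
        if (copy == NULL) return -1;
        strcpy(copy, val);
    }
    opt_free(*slot);
    *slot = copy;
    return 0;
}

/* How many slots alias the sentinel: the check done by eye in the dt dump. */
int opts_on_sentinel(const struct buf_opts *o)
{
    return (o->bt == empty_opt) + (o->ft == empty_opt) + (o->syn == empty_opt);
}

int main(void)
{
    struct buf_opts o;
    opts_init(&o);
    opt_set(&o.bt, "help");   /* old value was the sentinel: nothing freed */
    printf("sentinel slots=%d frees=%d\n", opts_on_sentinel(&o), heap_frees);
    opt_set(&o.bt, "");       /* heap copy released, slot back on sentinel */
    printf("sentinel slots=%d frees=%d\n", opts_on_sentinel(&o), heap_frees);
    return 0;
}
```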
