Nico Weber wrote:

> Hi,
>
> Valgrind memory checker finds several errors in vim-7.2 (patches
> 1-148) with the reproduction steps described at
> http://groups.google.com/group/vim_mac/browse_thread/thread/4e0149ff4f84e3d3 :
>
> ==33469== Conditional jump or move depends on uninitialised value(s)
> ==33469==    at 0x437EA: can_free_funccal (eval.c:21449)
> ==33469==    by 0x2D213: garbage_collect (eval.c:6591)
> ==33469==    by 0x8D92E: before_blocking (getchar.c:1473)
> ==33469==    by 0x10764F: mch_inchar (os_unix.c:385)
> ==33469==    by 0x176A06: ui_inchar (ui.c:193)
> ==33469==    by 0x8FFD1: inchar (getchar.c:2959)
> ==33469==    by 0x8FB64: vgetorpeek (getchar.c:2735)
> ==33469==    by 0x8DAA3: vgetc (getchar.c:1552)
> ==33469==    by 0x8E05D: safe_vgetc (getchar.c:1757)
> ==33469==    by 0xDC89D: normal_cmd (normal.c:653)
> ==33469==    by 0x9F674: main_loop (main.c:1255)
> ==33469==    by 0x9F167: main (main.c:1002)

...snip...

> On OS X, this leads to a crash. The problem was found by Meikel
> Brandmeyer.
>
> The attached patch fixes this.
>
> There were two problems:
>
> 1. Without
>
>     dict->dv_copyID = 0;
>
> the l_vars and l_avars dicts in funccall_T have no initialized
> dv_copyID at the end of call_user_func, and hence valgrind complains
> when garbage_collect walks the previous_funccal list.
>
> 2. Double free. garbage_collect() frees dictionaries and lists,
> including the ones belonging to functions in the previous_funccal
> list. When the previous_funccal list is freed, these dictionaries and
> lists are freed a second time.
>
> Nico


Thanks.  I can confirm that Valgrind detects the same errors
on Linux x86 too using Vim-7.2.166.  I did not try it earlier
because I don't follow the mailing list vim_mac.

So the bug is not Mac-specific, even though it does not cause
a crash on Linux.

After applying your patch, there are no such errors anymore.

However, when exiting, I see that those blocks are not being
freed:

==16990== 217 bytes in 10 blocks are possibly lost in loss record 36 of 57
==16990==    at 0x402603E: malloc (vg_replace_malloc.c:207)
==16990==    by 0x81142FA: lalloc (misc2.c:866)
==16990==    by 0x8114216: alloc (misc2.c:765)
==16990==    by 0x807AD1D: dictitem_alloc (eval.c:6775)
==16990==    by 0x8074FFD: set_var_lval (eval.c:2856)
==16990==    by 0x80742F4: ex_let_one (eval.c:2414)
==16990==    by 0x807329F: ex_let_vars (eval.c:1869)
==16990==    by 0x8073250: ex_let (eval.c:1834)
==16990==    by 0x80A6AA3: do_one_cmd (ex_docmd.c:2622)
==16990==    by 0x80A4323: do_cmdline (ex_docmd.c:1096)
==16990==    by 0x8090328: call_user_func (eval.c:21301)
==16990==    by 0x807C4FE: call_func (eval.c:8079)
==16990==    by 0x807C142: get_func_tv (eval.c:7925)
==16990==    by 0x8075B83: ex_call (eval.c:3333)
==16990==    by 0x80A6AA3: do_one_cmd (ex_docmd.c:2622)
==16990==    by 0x80A4323: do_cmdline (ex_docmd.c:1096)
==16990==    by 0x812A758: nv_colon (normal.c:5227)
==16990==    by 0x8123DA2: normal_cmd (normal.c:1189)
==16990==    by 0x80E6D49: main_loop (main.c:1180)
==16990==    by 0x80E6896: main (main.c:939)

I built Vim with -DEXITFREE (i.e. I uncommented the line
PROFILE_CFLAGS = -DEXITFREE in src/Makefile),
so normally all blocks should be freed when exiting.

Regards
-- Dominique
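The two problems Nico describes above (an uninitialised dv_copyID read during the garbage_collect sweep, and dicts of a collected funccal being freed a second time when the previous_funccal list is torn down) can be reproduced in a small model. The code below is an added illustration, not Vim's source: the struct names mirror Vim's (dict_T, funccal_T, l_vars, l_avars) but the allocation, mark and sweep routines are simplified assumptions, and the double free is avoided by unlinking a funccal from the list before freeing it so that the exit-time walk (what -DEXITFREE performs) never sees it again.

```c
#include <stdlib.h>
/* Illustrative model, not Vim's code: dicts are marked with a copyID during
 * garbage collection; each funccal on the previous_funccal list owns two. */
typedef struct dict_S { int dv_copyID; } dict_T;
typedef struct funccal_S { dict_T *l_vars, *l_avars; struct funccal_S *next; } funccal_T;
static int dicts_freed;   /* counts dict_free() calls so a test can detect double frees */
static dict_T *dict_alloc(void) {
    /* Problem 1: dv_copyID must start defined, or the sweep compares garbage. */
    return calloc(1, sizeof(dict_T));
}
static void dict_free(dict_T *d) { dicts_freed++; free(d); }
static funccal_T *funccal_new(funccal_T *next) {
    funccal_T *fc = malloc(sizeof *fc); fc->next = next;
    fc->l_vars = dict_alloc(); fc->l_avars = dict_alloc(); return fc;
}
static void free_funccal(funccal_T *fc) {
    dict_free(fc->l_vars); dict_free(fc->l_avars); free(fc);
}
/* Mark phase: a funccal that is still referenced marks its dicts reachable. */
static void set_ref_in_funccal(funccal_T *fc, int copyID) {
    fc->l_vars->dv_copyID = copyID; fc->l_avars->dv_copyID = copyID;
}
/* Sweep phase. Problem 2 arises when a collected funccal stays linked in the
 * list; unlinking it before free_funccal() hands ownership over exactly once. */
static int garbage_collect(funccal_T **listp, int copyID) {
    int freed = 0;
    for (funccal_T **pp = listp; *pp != NULL; ) {
        funccal_T *fc = *pp;
        if (fc->l_vars->dv_copyID == copyID) { pp = &fc->next; continue; }
        *pp = fc->next;                 /* unlink first, so the exit walk cannot reach it */
        free_funccal(fc); freed++;
    }
    return freed;
}
/* Exit-time cleanup of whatever is still on the list (the -DEXITFREE walk). */
static void free_all_funccals(funccal_T **listp) {
    while (*listp != NULL) { funccal_T *fc = *listp; *listp = fc->next; free_funccal(fc); }
}
/* Constructed scenario: three funccals, the middle one still referenced.
 * Returns the number of dict_free() calls: 6 means every dict was freed once. */
int run_scenario(void) {
    dicts_freed = 0;
    funccal_T *previous_funccal = funccal_new(funccal_new(funccal_new(NULL)));
    int copyID = 1; set_ref_in_funccal(previous_funccal->next, copyID);
    if (garbage_collect(&previous_funccal, copyID) != 2) return -1;
    free_all_funccals(&previous_funccal);
    return dicts_freed;
}
```

Dropping the `*pp = fc->next;` line reproduces the report's second problem: free_all_funccals() then walks through already-freed memory and frees the same dicts again, which Valgrind reports as an invalid read followed by a double free.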

--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---