Cesar Romani wrote:

> 1675        if ((error_msg = tgetent_error(tbuf, term)) == NULL)
> (gdb) p term
> $11 = (char_u *) 0xa0158c0 "msys"
> (gdb) n
> 1677            tp = tstrbuf;
> (gdb) p term
> $12 = (char_u *) 0x5b455c3d <Address 0x5b455c3d out of bounds>

1/ OK, so the corruption happens in tgetent_error(), most likely in line 2158, but it might be worth putting a breakpoint at line term.c:2158 and printing the 'term' variable before & after executing line term.c:2158 to confirm that the corruption happens there.

    2151     static char_u *
    2152 tgetent_error(tbuf, term)
    2153     char_u  *tbuf;
    2154     char_u  *term;
    2155 {
    2156     int     i;
    2157
    2158     i = TGETENT(tbuf, term);
    2159     if (i < 0               /* -1 is always an error */
    2160 # ifdef TGETENT_ZERO_ERR
    2161             || i == 0       /* sometimes zero is also an error */
    2162 # endif
    2163        )

2/ Most likely not enough memory is allocated for tbuf, the first parameter of tgetent(). The size of the buffer is defined in vim.h as follows:

    1348 #if defined(AMIGA) || defined(__linux__) || defined(__QNX__) || defined(__CYGWIN32__) || defined(_AIX)
    1349 # define TBUFSZ 2048            /* buffer size for termcap entry */
    1350 #else
    1351 # define TBUFSZ 1024            /* buffer size for termcap entry */
    1352 #endif

I suspect that on your system (mingw), it's using 1024 instead of 2048. If so, the attached patch might fix it. It adds "defined(__MINGW32__)" (__MINGW32__ is already used in several places in Vim's code):

    1348 #if defined(AMIGA) || defined(__linux__) || defined(__QNX__) || defined(_AIX) \
    1349         || defined(__CYGWIN32__) || defined(__MINGW32__)
    1350 # define TBUFSZ 2048            /* buffer size for termcap entry */
    1351 #else
    1352 # define TBUFSZ 1024            /* buffer size for termcap entry */
    1353 #endif

2/ I also see that some implementations accept NULL as the first argument of tgetent(), in which case the buffer is internally dynamically allocated (hence more secure, but not as portable). See:

http://www.gnu.org/software/termutils/manual/termcap-1.3/html_node/termcap_4.html

quote:

    If you are using the GNU version of termcap, you can alternatively
    ask tgetent to allocate enough space. Pass a null pointer for buffer,
    and tgetent itself allocates the storage using malloc. There is no
    way to get the address that was allocated, and you shouldn't try to
    free the storage.

So if attached patch does not suffice, it might be worth trying to replace tbuf with, i.e. try replacing lines term.c:1675:

    if ((error_msg = tgetent_error(tbuf, term)) == NULL)

into...

    if ((error_msg = tgetent_error(NULL, term)) == NULL)

Regards
-- Dominique

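
The check below is an added example, not part of the original message or of Vim's source: it measures how far an unbounded tgetent()-style copy writes past a buffer of a given TBUFSZ by placing a guard zone behind it. unbounded_fill() is a hypothetical stand-in for tgetent(), and the 1500-byte entry is a constructed length, not the real size of the msys entry.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_BYTE 0xA5   /* pattern that never occurs in the test entry */
#define SLACK      4096   /* guard zone that safely absorbs an overrun */

/* Stand-in for tgetent(buf, term): copies with no length limit. */
static int unbounded_fill(char *buf, const char *entry)
{
    strcpy(buf, entry);
    return 1;
}

/* Constructed termcap-like entry of exactly len characters. */
char *make_entry(size_t len)
{
    static const char head[] = "msys|constructed entry:";
    char *e = malloc(len + 1);
    if (e == NULL) return NULL;
    memset(e, 'x', len);
    if (len >= sizeof head - 1) memcpy(e, head, sizeof head - 1);
    e[len] = '\0';
    return e;
}

/* Bytes written past bufsz (0 = entry fits), or -1 if it cannot be tested. */
long overrun_bytes(size_t bufsz, const char *entry)
{
    long over = 0;
    unsigned char *mem;
    if (strlen(entry) + 1 > bufsz + SLACK) return -1;  /* would escape guard */
    mem = malloc(bufsz + SLACK);
    if (mem == NULL) return -1;
    memset(mem, GUARD_BYTE, bufsz + SLACK);
    unbounded_fill((char *)mem, entry);
    /* Scan the guard zone from the end for the last byte that changed. */
    for (size_t i = bufsz + SLACK; i > bufsz; i--)
        if (mem[i - 1] != GUARD_BYTE) { over = (long)(i - bufsz); break; }
    free(mem);
    return over;
}

int main(void)
{
    char *e = make_entry(1500);
    if (e == NULL) return 1;
    printf("TBUFSZ 1024: %ld bytes past the buffer\n", overrun_bytes(1024, e));
    printf("TBUFSZ 2048: %ld bytes past the buffer\n", overrun_bytes(2048, e));
    free(e);
    return 0;
}
```

In Vim itself the bytes past tbuf belong to neighbouring stack data, which is consistent with 'term' changing across the call in the gdb session above.
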
Index: vim.h =================================================================== RCS file: /cvsroot/vim/vim7/src/vim.h,v retrieving revision 1.106 diff -c -r1.106 vim.h *** vim.h 14 May 2009 20:19:32 -0000 1.106 --- vim.h 7 Jun 2009 20:44:04 -0000 *************** *** 593,599 **** /* * Terminal highlighting attribute bits. ! * Attibutes above HL_ALL are used for syntax highlighting. */ #define HL_NORMAL 0x00 #define HL_INVERSE 0x01 --- 593,599 ---- /* * Terminal highlighting attribute bits. ! * Attributes above HL_ALL are used for syntax highlighting. */ #define HL_NORMAL 0x00 #define HL_INVERSE 0x01 *************** *** 1259,1265 **** } hlf_T; /* The HL_FLAGS must be in the same order as the HLF_ enums! ! * When chainging this also adjust the default for 'highlight'. */ #define HL_FLAGS {'8', '@', 'd', 'e', 'h', 'i', 'l', 'm', 'M', \ 'n', 'r', 's', 'S', 'c', 't', 'v', 'V', 'w', 'W', \ 'f', 'F', 'A', 'C', 'D', 'T', '>', \ --- 1259,1265 ---- } hlf_T; /* The HL_FLAGS must be in the same order as the HLF_ enums! ! * When changing this also adjust the default for 'highlight'. */ #define HL_FLAGS {'8', '@', 'd', 'e', 'h', 'i', 'l', 'm', 'M', \ 'n', 'r', 's', 'S', 'c', 't', 'v', 'V', 'w', 'W', \ 'f', 'F', 'A', 'C', 'D', 'T', '>', \ *************** *** 1345,1351 **** # define MSG_BUF_CLEN MSG_BUF_LEN /* cell length */ #endif ! #if defined(AMIGA) || defined(__linux__) || defined(__QNX__) || defined(__CYGWIN32__) || defined(_AIX) # define TBUFSZ 2048 /* buffer size for termcap entry */ #else # define TBUFSZ 1024 /* buffer size for termcap entry */ --- 1345,1352 ---- # define MSG_BUF_CLEN MSG_BUF_LEN /* cell length */ #endif ! #if defined(AMIGA) || defined(__linux__) || defined(__QNX__) || defined(_AIX) \ ! 
|| defined(__CYGWIN32__) || defined(__MINGW32__) # define TBUFSZ 2048 /* buffer size for termcap entry */ #else # define TBUFSZ 1024 /* buffer size for termcap entry */ *************** *** 1427,1433 **** #ifdef FEAT_MBYTE /* We need to call mb_stricmp() even when we aren't dealing with a multi-byte * encoding because mb_stricmp() takes care of all ascii and non-ascii ! * encodings, including characters with umluats in latin1, etc., while * STRICMP() only handles the system locale version, which often does not * handle non-ascii properly. */ --- 1428,1434 ---- #ifdef FEAT_MBYTE /* We need to call mb_stricmp() even when we aren't dealing with a multi-byte * encoding because mb_stricmp() takes care of all ascii and non-ascii ! * encodings, including characters with umlauts in latin1, etc., while * STRICMP() only handles the system locale version, which often does not * handle non-ascii properly. */
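
Review bot: In the hunk at line 1345, the #else branch still leaves TBUFSZ at 1024 for every platform not named in the #if list, so the buffer handed to tgetent() stays at the smaller size on any other port. Consider defining TBUFSZ as 2048 unconditionally, or add a comment above the #if stating why the listed platforms need the larger buffer, so the next port that hits this does not have to rediscover it.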
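
Review bot: The hunks at lines 593, 1259 and 1427 only correct comment spelling ("Attibutes", "chainging", "umluats") and are unrelated to the TBUFSZ change at line 1345. Split them into a separate patch so the buffer-size change can be reviewed, tested on mingw and reverted on its own.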