Ingo Karkat wrote:
> Hello Vim developers,
>
> I've written a user defined completion (via 'completefunc') that uses
> normal y{motion}
> to capture the completion matches. (I have some other completions that can use
> getline() to extract the text; in those, the crash doesn't happen.)
> If I use a straightforward mapping like
> inoremap ... <C-o>:set completefunc=<SID>MotionComplete<CR><C-x><C-u>
> to trigger the completion, everything is working fine. I've now appended some
> <C-r>=pumvisible() ? "\<lt>Down>" : ""<CR> fragment to modify the popup menu
> selection, and now observe Vim crashes whenever I invoke the augmented
> mapping.
> In fact, any text after the <C-x><C-u> causes buffer corruptions and eventual
> crashes.
>
> I've whittled down my completion script to the attached version. With that, I
> can reproduce crashes on the default (G)VIM 7.1 and 7.2 on Windows XP (but not
> with 7.0, which works fine), and with the latest Vim 7.2.197 (Big version with
> GTK2 GUI) on Ubuntu 8.04.
>
> To reproduce (the completion is mapped to <F11>):
> vim -N -u NONE -n -S CompleteAndTextMappingCrash.vim
> ifoobar<CR>
> foo<F11><CR> " No crash yet, but the '+' char after the mapping is lost
> foo<F11>
> Vim: Caught deadly signal SEGV
> Vim: Finished.
> Segmentation fault
>
> You can check the original, correct behavior with:
> vim -N -u NONE -n --cmd 'let nobug=1' -S CompleteAndTextMappingCrash.vim
>
> Please let me know if you need any additional information.
>
> -- regards, ingo
I can reproduce the crash you describe with latest Vim-7.2.197 (huge)
on Linux x86 (Ubuntu-8.10).
Valgrind memory checker also indicates that freed memory is
being used and it happens right after typing foo<F11> the
second time:
==4309== Invalid read of size 4
==4309== at 0x808C5F4: ins_compl_next (edit.c:4395)
==4309== by 0x808CAE1: ins_compl_check_keys (edit.c:4592)
==4309== by 0x809FF05: f_complete_check (eval.c:9013)
==4309== by 0x809ED76: call_func (eval.c:8144)
==4309== by 0x809E8B8: get_func_tv (eval.c:7961)
==4309== by 0x809AC42: eval7 (eval.c:5013)
==4309== by 0x809A54B: eval6 (eval.c:4680)
==4309== by 0x809A137: eval5 (eval.c:4496)
==4309== by 0x8099688: eval4 (eval.c:4191)
==4309== by 0x80994E0: eval3 (eval.c:4103)
==4309== by 0x809936C: eval2 (eval.c:4032)
==4309== by 0x809919C: eval1 (eval.c:3957)
==4309== by 0x8099103: eval0 (eval.c:3914)
==4309== by 0x8094BAA: eval_to_bool (eval.c:1217)
==4309== by 0x80D7BBF: ex_while (ex_eval.c:1063)
==4309== by 0x80C9323: do_one_cmd (ex_docmd.c:2620)
==4309== by 0x80C6BBF: do_cmdline (ex_docmd.c:1096)
==4309== by 0x80B2AB6: call_user_func (eval.c:21259)
==4309== by 0x809EC74: call_func (eval.c:8115)
==4309== by 0x809E8B8: get_func_tv (eval.c:7961)
==4309== by 0x80982AB: ex_call (eval.c:3337)
==4309== by 0x80C9323: do_one_cmd (ex_docmd.c:2620)
==4309== by 0x80C6BBF: do_cmdline (ex_docmd.c:1096)
==4309== by 0x80B2AB6: call_user_func (eval.c:21259)
==4309== by 0x809EC74: call_func (eval.c:8115)
==4309== by 0x809538D: call_vim_function (eval.c:1557)
==4309== by 0x80954D3: call_func_retlist (eval.c:1637)
==4309== by 0x808B1F0: expand_by_function (edit.c:3788)
==4309== by 0x808BCAE: ins_compl_get_exp (edit.c:4083)
==4309== by 0x808C71F: ins_compl_next (edit.c:4432)
==4309== by 0x808D9AF: ins_complete (edit.c:5063)
==4309== by 0x808782F: edit (edit.c:1343)
==4309== by 0x8146B4D: normal_cmd (normal.c:1367)
==4309== by 0x81092E2: main_loop (main.c:1186)
==4309== by 0x81FE7AF: mzscheme_env_main (if_mzsch.c:845)
==4309== by 0x81FE784: mzscheme_main (if_mzsch.c:809)
==4309== by 0x8108E2F: main (main.c:944)
==4309== Address 0x5b36a8c is 4 bytes inside a block of size 48 free'd
==4309== at 0x4024E5A: free (vg_replace_malloc.c:323)
==4309== by 0x81379C7: vim_free (misc2.c:1639)
==4309== by 0x808A441: ins_compl_free (edit.c:3172)
==4309== by 0x808AFB7: ins_compl_prep (edit.c:3685)
==4309== by 0x808692B: edit (edit.c:785)
==4309== by 0x8157D2B: op_change (ops.c:2654)
==4309== by 0x8147D12: do_pending_operator (normal.c:1953)
==4309== by 0x8146812: normal_cmd (normal.c:1214)
==4309== by 0x80D33B5: exec_normal_cmd (ex_docmd.c:9180)
==4309== by 0x80D3205: ex_normal (ex_docmd.c:9079)
==4309== by 0x80C9323: do_one_cmd (ex_docmd.c:2620)
==4309== by 0x80C6BBF: do_cmdline (ex_docmd.c:1096)
==4309== by 0x80AF193: ex_execute (eval.c:19552)
==4309== by 0x80C9323: do_one_cmd (ex_docmd.c:2620)
==4309== by 0x80C6BBF: do_cmdline (ex_docmd.c:1096)
==4309== by 0x80B2AB6: call_user_func (eval.c:21259)
==4309== by 0x809EC74: call_func (eval.c:8115)
==4309== by 0x809E8B8: get_func_tv (eval.c:7961)
==4309== by 0x80AD4B4: handle_subscript (eval.c:18367)
==4309== by 0x809ACE8: eval7 (eval.c:5041)
==4309== by 0x809A54B: eval6 (eval.c:4680)
==4309== by 0x809A137: eval5 (eval.c:4496)
==4309== by 0x8099688: eval4 (eval.c:4191)
==4309== by 0x80994E0: eval3 (eval.c:4103)
==4309== by 0x809936C: eval2 (eval.c:4032)
==4309== by 0x809919C: eval1 (eval.c:3957)
==4309== by 0x8099103: eval0 (eval.c:3914)
==4309== by 0x8095914: ex_let (eval.c:1829)
==4309== by 0x80C9323: do_one_cmd (ex_docmd.c:2620)
==4309== by 0x80C6BBF: do_cmdline (ex_docmd.c:1096)
==4309== by 0x80B2AB6: call_user_func (eval.c:21259)
==4309== by 0x809EC74: call_func (eval.c:8115)
==4309== by 0x809E8B8: get_func_tv (eval.c:7961)
==4309== by 0x80982AB: ex_call (eval.c:3337)
==4309== by 0x80C9323: do_one_cmd (ex_docmd.c:2620)
==4309== by 0x80C6BBF: do_cmdline (ex_docmd.c:1096)
==4309== by 0x80B2AB6: call_user_func (eval.c:21259)
==4309== by 0x809EC74: call_func (eval.c:8115)
==4309== by 0x809538D: call_vim_function (eval.c:1557)
==4309== by 0x80954D3: call_func_retlist (eval.c:1637)
==4309== by 0x808B1F0: expand_by_function (edit.c:3788)
==4309== by 0x808BCAE: ins_compl_get_exp (edit.c:4083)
==4309== by 0x808C71F: ins_compl_next (edit.c:4432)
==4309== by 0x808D9AF: ins_complete (edit.c:5063)
==4309== by 0x808782F: edit (edit.c:1343)
==4309== by 0x8146B4D: normal_cmd (normal.c:1367)
==4309== by 0x81092E2: main_loop (main.c:1186)
==4309== by 0x81FE7AF: mzscheme_env_main (if_mzsch.c:845)
==4309== by 0x81FE784: mzscheme_main (if_mzsch.c:809)
==4309== by 0x8108E2F: main (main.c:944)
==4309==
==4309== Invalid read of size 4
==4309== at 0x808C5F4: ins_compl_next (edit.c:4395)
==4309== by 0x808CAE1: ins_compl_check_keys (edit.c:4592)
==4309== by 0x808C2A6: ins_compl_get_exp (edit.c:4255)
==4309== by 0x808C71F: ins_compl_next (edit.c:4432)
==4309== by 0x808D9AF: ins_complete (edit.c:5063)
==4309== by 0x808782F: edit (edit.c:1343)
==4309== by 0x8146B4D: normal_cmd (normal.c:1367)
==4309== by 0x81092E2: main_loop (main.c:1186)
==4309== by 0x81FE7AF: mzscheme_env_main (if_mzsch.c:845)
==4309== by 0x81FE784: mzscheme_main (if_mzsch.c:809)
==4309== by 0x8108E2F: main (main.c:944)
==4309== Address 0x5b36a8c is 4 bytes inside a block of size 48 free'd
==4309== at 0x4024E5A: free (vg_replace_malloc.c:323)
==4309== by 0x81379C7: vim_free (misc2.c:1639)
==4309== by 0x808A441: ins_compl_free (edit.c:3172)
==4309== by 0x808AFB7: ins_compl_prep (edit.c:3685)
==4309== by 0x808692B: edit (edit.c:785)
==4309== by 0x8157D2B: op_change (ops.c:2654)
==4309== by 0x8147D12: do_pending_operator (normal.c:1953)
==4309== by 0x8146812: normal_cmd (normal.c:1214)
==4309== by 0x80D33B5: exec_normal_cmd (ex_docmd.c:9180)
==4309== by 0x80D3205: ex_normal (ex_docmd.c:9079)
==4309== by 0x80C9323: do_one_cmd (ex_docmd.c:2620)
==4309== by 0x80C6BBF: do_cmdline (ex_docmd.c:1096)
==4309== by 0x80AF193: ex_execute (eval.c:19552)
==4309== by 0x80C9323: do_one_cmd (ex_docmd.c:2620)
==4309== by 0x80C6BBF: do_cmdline (ex_docmd.c:1096)
==4309== by 0x80B2AB6: call_user_func (eval.c:21259)
==4309== by 0x809EC74: call_func (eval.c:8115)
==4309== by 0x809E8B8: get_func_tv (eval.c:7961)
==4309== by 0x80AD4B4: handle_subscript (eval.c:18367)
==4309== by 0x809ACE8: eval7 (eval.c:5041)
==4309== by 0x809A54B: eval6 (eval.c:4680)
==4309== by 0x809A137: eval5 (eval.c:4496)
==4309== by 0x8099688: eval4 (eval.c:4191)
==4309== by 0x80994E0: eval3 (eval.c:4103)
==4309== by 0x809936C: eval2 (eval.c:4032)
==4309== by 0x809919C: eval1 (eval.c:3957)
==4309== by 0x8099103: eval0 (eval.c:3914)
==4309== by 0x8095914: ex_let (eval.c:1829)
==4309== by 0x80C9323: do_one_cmd (ex_docmd.c:2620)
==4309== by 0x80C6BBF: do_cmdline (ex_docmd.c:1096)
==4309== by 0x80B2AB6: call_user_func (eval.c:21259)
==4309== by 0x809EC74: call_func (eval.c:8115)
==4309== by 0x809E8B8: get_func_tv (eval.c:7961)
==4309== by 0x80982AB: ex_call (eval.c:3337)
==4309== by 0x80C9323: do_one_cmd (ex_docmd.c:2620)
==4309== by 0x80C6BBF: do_cmdline (ex_docmd.c:1096)
==4309== by 0x80B2AB6: call_user_func (eval.c:21259)
==4309== by 0x809EC74: call_func (eval.c:8115)
==4309== by 0x809538D: call_vim_function (eval.c:1557)
==4309== by 0x80954D3: call_func_retlist (eval.c:1637)
==4309== by 0x808B1F0: expand_by_function (edit.c:3788)
==4309== by 0x808BCAE: ins_compl_get_exp (edit.c:4083)
==4309== by 0x808C71F: ins_compl_next (edit.c:4432)
==4309== by 0x808D9AF: ins_complete (edit.c:5063)
==4309== by 0x808782F: edit (edit.c:1343)
==4309== by 0x8146B4D: normal_cmd (normal.c:1367)
==4309== by 0x81092E2: main_loop (main.c:1186)
==4309== by 0x81FE7AF: mzscheme_env_main (if_mzsch.c:845)
==4309== by 0x81FE784: mzscheme_main (if_mzsch.c:809)
==4309== by 0x8108E2F: main (main.c:944)
I should find time to try to debug it this weekend.
Cheers
-- Dominique
--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
