Michiel wrote:

>> At first I searched for 'flv' which it didn't find. Then I changed it
>> to 'swf'; it didn't find that either. I did probably click "Find next"
>> a couple of times even though it didn't find anything.
>
> Have to correct myself there, 'swf' is in the text so I guess it
> crashed while searching for it. It's even in the backtrace as
> find_text.
>
> I tried again to reproduce it and I found out how.
> *Do something that noticeably slows down the computer, this helps a
>  lot but isn't necessary.
> *Search flv.
> *Scroll to top if you weren't already there.
> *Search swf but keep hammering the button fast.
>
> Regards
> Michiel

Ah thanks for the explanation!

I can reproduce it too now, at least using Gnome-2 GUI with
Vim-7.2.233 on Linux x86. It happens with other files than your
sample file too. I managed to reproduce a crash several times
on other files (searching for "let" in my ~/.vimrc file for example).

Valgrind memory checker gives this first error:

==15072== Invalid write of size 1
==15072==    at 0x4027678: memset (mc_replace_strmem.c:493)
==15072==    by 0x8161DCB: cleanup_subexpr (regexp.c:5817)
==15072==    by 0x815F886: regmatch (regexp.c:4415)
==15072==    by 0x815DB7B: regtry (regexp.c:3656)
==15072==    by 0x815D99D: vim_regexec_both (regexp.c:3545)
==15072==    by 0x815D4A4: vim_regexec_multi (regexp.c:3355)
==15072==    by 0x819FC70: syn_regexec (syntax.c:3128)
==15072==    by 0x819DFFA: syn_current_attr (syntax.c:2002)
==15072==    by 0x819D9E0: get_syntax_attr (syntax.c:1771)
==15072==    by 0x8169B67: win_line (screen.c:3906)
==15072==    by 0x81658CA: win_update (screen.c:1764)
==15072==    by 0x8163AAC: update_screen (screen.c:521)
==15072==    by 0x81CBDF8: gui_update_screen (gui.c:4896)
==15072==    by 0x81CC3AC: gui_do_findrepl (gui.c:5099)
==15072==    by 0x81D0C56: find_replace_cb (gui_gtk.c:2988)
==15072==    by 0x46ED3D3: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46DFB77: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46F6094: (within /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46F77AB: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46F7C25: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x40BCE99: gtk_button_clicked (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==15072==    by 0x40BDF47: (within /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==15072==    by 0x46ED3D3: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46DE3C8: (within /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46DFB77: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46F58ED: (within /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46F77AB: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46F7C25: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x40BCF39: gtk_button_released (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==15072==    by 0x40BCF72: (within /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==15072==    by 0x4170F95: (within /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==15072==    by 0x46DE3C8: (within /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46DFB77: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46F5D3C: (within /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46F762A: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x46F7C25: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1800.2)
==15072==    by 0x4285F1D: (within /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==15072==    by 0x4169AAB: gtk_propagate_event (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==15072==    by 0x416AE56: gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==15072==    by 0x442A569: (within /usr/lib/libgdk-x11-2.0.so.0.1400.4)
==15072==    by 0x4751717: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1800.2)
==15072==    by 0x4754DC2: (within /usr/lib/libglib-2.0.so.0.1800.2)
==15072==    by 0x4754F80: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.1800.2)
==15072==    by 0x416B0F2: gtk_main_iteration_do (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==15072==    by 0x81D8C5D: gui_mch_update (gui_gtk_x11.c:6437)
==15072==    by 0x81B62E1: ui_breakcheck (ui.c:364)
==15072==    by 0x8112D5A: fast_breakcheck (misc1.c:8435)
==15072==    by 0x815DDFE: regmatch (regexp.c:3788)
==15072==    by 0x815DB7B: regtry (regexp.c:3656)
==15072==    by 0x815D99D: vim_regexec_both (regexp.c:3545)
==15072==  Address 0xbefaf438 is not stack'd, malloc'd or (recently) free'd

And then follow many other errors.

regexp.c:

5809     static void
5810 cleanup_subexpr()
5811 {
5812     if (need_clear_subexpr)
5813     {
5814         if (REG_MULTI)
5815         {
5816             /* Use 0xff to set lnum to -1 */
5817             vim_memset(reg_startpos, 0xff, sizeof(lpos_T) * NSUBEXP);
5818             vim_memset(reg_endpos, 0xff, sizeof(lpos_T) * NSUBEXP);
5819         }

Maybe it's something time dependent in the GUI. Running it
with Valgrind slows down Vim so perhaps helps to reproduce it.

Running it another time, I got a totally different error:

==16494== Invalid read of size 4
==16494==    at 0x819DF37: syn_current_attr (syntax.c:1975)
==16494==    by 0x819D9E0: get_syntax_attr (syntax.c:1771)
==16494==    by 0x8169B67: win_line (screen.c:3906)
==16494==    by 0x81658CA: win_update (screen.c:1764)
==16494==    by 0x8163AAC: update_screen (screen.c:521)
==16494==    by 0x81CBDF8: gui_update_screen (gui.c:4896)
==16494==    by 0x81CC3AC: gui_do_findrepl (gui.c:5099)
==16494==    by 0x81D0C56: find_replace_cb (gui_gtk.c:2988)
==16494==    by 0x46ED3D3: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46DFB77: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46F6094: (within /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46F77AB: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46F7C25: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x40BCE99: gtk_button_clicked (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==16494==    by 0x40BDF47: (within /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==16494==    by 0x46ED3D3: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46DE3C8: (within /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46DFB77: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46F58ED: (within /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46F77AB: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46F7C25: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x40BCF39: gtk_button_released (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==16494==    by 0x40BCF72: (within /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==16494==    by 0x4170F95: (within /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==16494==    by 0x46DE3C8: (within /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46DFB77: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46F5D3C: (within /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46F762A: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x46F7C25: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1800.2)
==16494==    by 0x4285F1D: (within /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==16494==    by 0x4169AAB: gtk_propagate_event (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==16494==    by 0x416AE56: gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==16494==    by 0x442A569: (within /usr/lib/libgdk-x11-2.0.so.0.1400.4)
==16494==    by 0x4751717: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1800.2)
==16494==    by 0x4754DC2: (within /usr/lib/libglib-2.0.so.0.1800.2)
==16494==    by 0x4754F80: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.1800.2)
==16494==    by 0x416B0F2: gtk_main_iteration_do (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==16494==    by 0x81D8C5D: gui_mch_update (gui_gtk_x11.c:6437)
==16494==    by 0x81B62E1: ui_breakcheck (ui.c:364)
==16494==    by 0x8112D5A: fast_breakcheck (misc1.c:8435)
==16494==    by 0x815DDFE: regmatch (regexp.c:3788)
==16494==    by 0x815DB7B: regtry (regexp.c:3656)
==16494==    by 0x815D99D: vim_regexec_both (regexp.c:3545)
==16494==    by 0x815D4A4: vim_regexec_multi (regexp.c:3355)
==16494==    by 0x819FC70: syn_regexec (syntax.c:3128)
==16494==    by 0x819DFFA: syn_current_attr (syntax.c:2002)
==16494==    by 0x819D9E0: get_syntax_attr (syntax.c:1771)
==16494==    by 0x8169B67: win_line (screen.c:3906)
==16494==    by 0x81658CA: win_update (screen.c:1764)
==16494==    by 0x8163AAC: update_screen (screen.c:521)
==16494==  Address 0x650c4d0 is 152 bytes inside a block of size 484 free'd

This is how I reproduce the errors:

1/ build vim with Gnome-2 GUI

   ./configure --with-features=huge --enable-gui=gnome2

2/ run vim with valgrind:

   valgrind ./vim -f -g lunarchack,html 2> vg.log

   (the file in your link)

3/ From main menu: Edit -> Find...
   Search for string: swf
   Click "Find Next" button many times *rapidly*.

4/ Observe in vg.log that valgrind gives an error after a while
   (clicking "Find Next" for 4 seconds or so is enough) and that
   gvim may crash.

I could not reproduce the bug with ./vim -f -g -u NONE -U NONE
so when I have time, I can try to narrow down what triggers it
in my ~/.vimrc.

Sorry, no fix yet.

-- Dominique
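
Added example (not part of the original message and not Vim code): a small Python triage script for vg.log that flags functions appearing twice on one Valgrind stack with an event-loop frame between them, which is what both reports above show for regmatch via ui_breakcheck. The names parse_frames and reentered, and the choice of which frames count as event pumps, are assumptions of this example; the sample is abbreviated from the first report.

```python
import re
from collections import defaultdict

# Frames abbreviated from the first Valgrind report in the message above
# (innermost first); most GTK/GLib frames and some Vim frames are trimmed.
SAMPLE = """\
==15072== Invalid write of size 1
==15072==    at 0x4027678: memset (mc_replace_strmem.c:493)
==15072==    by 0x8161DCB: cleanup_subexpr (regexp.c:5817)
==15072==    by 0x815F886: regmatch (regexp.c:4415)
==15072==    by 0x815DB7B: regtry (regexp.c:3656)
==15072==    by 0x819FC70: syn_regexec (syntax.c:3128)
==15072==    by 0x8163AAC: update_screen (screen.c:521)
==15072==    by 0x81D0C56: find_replace_cb (gui_gtk.c:2988)
==15072==    by 0x442A569: (within /usr/lib/libgdk-x11-2.0.so.0.1400.4)
==15072==    by 0x416B0F2: gtk_main_iteration_do (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==15072==    by 0x81D8C5D: gui_mch_update (gui_gtk_x11.c:6437)
==15072==    by 0x81B62E1: ui_breakcheck (ui.c:364)
==15072==    by 0x8112D5A: fast_breakcheck (misc1.c:8435)
==15072==    by 0x815DDFE: regmatch (regexp.c:3788)
==15072==    by 0x815DB7B: regtry (regexp.c:3656)
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)$")
# Assumption: these frames mean the GUI main loop is being run from inside other work.
PUMPS = {"gui_mch_update", "ui_breakcheck", "gtk_main_iteration_do",
         "g_main_context_iteration"}

def parse_frames(report):
    """Return [(function, location)] innermost first; unnamed frames are skipped."""
    return [m.groups() for line in report.splitlines()
            if (m := FRAME.match(line.rstrip()))]

def reentered(frames, pumps=PUMPS):
    """Map each function found twice with a pump frame in between to those pumps."""
    seen = defaultdict(list)
    for i, (func, _) in enumerate(frames):
        seen[func].append(i)
    hits = {}
    for func, idx in seen.items():
        if func in pumps:
            continue
        for inner, outer in zip(idx, idx[1:]):
            via = [f for f, _ in frames[inner + 1:outer] if f in pumps]
            if via:
                hits[func] = via
                break
    return hits
```

Running reentered(parse_frames(open("vg.log").read())) on one report at a time keeps frames from separate errors from being mixed together.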