Hi

I saw the following error with Vim-7.2.284, which I can't reproduce
unfortunately:

==31786== Invalid free() / delete / delete[]
==31786==    at 0x4024E5A: free (vg_replace_malloc.c:323)
==31786==    by 0x8116582: vim_free (misc2.c:1644)
==31786==    by 0x80D4E08: free_typebuf (getchar.c:1289)
==31786==    by 0x80D4FE6: restore_typeahead (getchar.c:1350)
==31786==    by 0x80B0DCA: ex_normal (ex_docmd.c:9103)
==31786==    by 0x80A6E60: do_one_cmd (ex_docmd.c:2629)
==31786==    by 0x80A4697: do_cmdline (ex_docmd.c:1098)
==31786==    by 0x80905D0: call_user_func (eval.c:21292)
==31786==    by 0x807C72F: call_func (eval.c:8123)
==31786==    by 0x807C373: get_func_tv (eval.c:7969)
==31786==    by 0x8075D74: ex_call (eval.c:3345)
==31786==    by 0x80A6E60: do_one_cmd (ex_docmd.c:2629)
==31786==    by 0x80A4697: do_cmdline (ex_docmd.c:1098)
==31786==    by 0x80AC7DA: do_ucmd (ex_docmd.c:6059)
==31786==    by 0x80A6E37: do_one_cmd (ex_docmd.c:2620)
==31786==    by 0x80A4697: do_cmdline (ex_docmd.c:1098)
==31786==    by 0x80A3BAA: do_exmode (ex_docmd.c:655)
==31786==    by 0x812BDF4: nv_exmode (normal.c:5182)
==31786==    by 0x8125554: normal_cmd (normal.c:1188)
==31786==    by 0x80E7A84: main_loop (main.c:1204)
==31786==    by 0x80E7577: main (main.c:948)
==31786==  Address 0x82223bc is in the BSS segment of /home/pel/sb/vim7/src/vim

Looking at code of free_typebuf() in getchar.c, I see
something clearly wrong at line 1286:

1279     void
1280 free_typebuf()
1281 {
1282     if (typebuf.tb_buf == typebuf_init)
1283         EMSG2(_(e_intern2), "Free typebuf 1");
1284     else
1285         vim_free(typebuf.tb_buf);
1286     if (typebuf.tb_buf == noremapbuf_init)
1287         EMSG2(_(e_intern2), "Free typebuf 2");
1288     else
1289         vim_free(typebuf.tb_noremap);
1290 }

Test at line 1286 is meant to test typebuf.tb_noremap
and not typebuf.tb_buf.  Attached patch fixes it.

But the fix should just cause to have an error message
rather than trying to free something in .bss section.
So something else is wrong. Unfortunately, I have not
been able to reproduce this error so it may be hard to track
down.  Perhaps someone can figure it out from the
above stack.

Cheers
-- Dominique
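
The wrong test at line 1286, next to the patched one, as an added example that is not part of the original post or of Vim's source. The counting `checked_free()`, the buffer sizes and the scenario (`tb_buf` on the heap, `tb_noremap` still pointing at the static buffer) are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for Vim's static initial buffers and typebuf (names follow
 * the post; sizes and helpers are assumptions for this demo). */
static unsigned char typebuf_init[8];
static unsigned char noremapbuf_init[8];
static struct { unsigned char *tb_buf, *tb_noremap; } typebuf;

static int static_frees;   /* static buffers that reached the allocator */
static int intern_errors;  /* internal-error branches taken */

/* Hypothetical vim_free() replacement: counts a free() of a static
 * buffer instead of performing it, so the demo cannot corrupt the heap. */
static void checked_free(unsigned char *p)
{
    if (p == typebuf_init || p == noremapbuf_init)
        ++static_frees;
    else
        free(p);
}

/* fixed == 0: second test compares tb_buf (line 1286 before the patch).
 * fixed != 0: second test compares tb_noremap (as in the patch). */
static void free_typebuf_demo(int fixed)
{
    /* Evaluate both tests before any pointer is freed. */
    int buf_is_init = (typebuf.tb_buf == typebuf_init);
    int noremap_is_init =
        ((fixed ? typebuf.tb_noremap : typebuf.tb_buf) == noremapbuf_init);

    if (buf_is_init) ++intern_errors;        /* "Free typebuf 1" */
    else checked_free(typebuf.tb_buf);
    if (noremap_is_init) ++intern_errors;    /* "Free typebuf 2" */
    else checked_free(typebuf.tb_noremap);
}

/* Constructed state: tb_buf on the heap, tb_noremap still static.
 * Returns static_frees * 10 + intern_errors for the run. */
int run_scenario(int fixed)
{
    static_frees = intern_errors = 0;
    typebuf.tb_buf = malloc(8);
    typebuf.tb_noremap = noremapbuf_init;
    free_typebuf_demo(fixed);
    return static_frees * 10 + intern_errors;
}

int main(void)
{
    printf("before patch: %d, after patch: %d\n",
           run_scenario(0), run_scenario(1));
    return 0;
}
```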


Index: getchar.c
===================================================================
RCS file: /cvsroot/vim/vim7/src/getchar.c,v
retrieving revision 1.57
diff -c -r1.57 getchar.c
*** getchar.c	30 Sep 2009 13:15:48 -0000	1.57
--- getchar.c	10 Nov 2009 19:08:17 -0000
***************
*** 22,28 ****
   * These buffers are used for storing:
   * - stuffed characters: A command that is translated into another command.
   * - redo characters: will redo the last change.
!  * - recorded chracters: for the "q" command.
   *
   * The bytes are stored like in the typeahead buffer:
   * - K_SPECIAL introduces a special key (two more bytes follow).  A literal
--- 22,28 ----
   * These buffers are used for storing:
   * - stuffed characters: A command that is translated into another command.
   * - redo characters: will redo the last change.
!  * - recorded characters: for the "q" command.
   *
   * The bytes are stored like in the typeahead buffer:
   * - K_SPECIAL introduces a special key (two more bytes follow).  A literal
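
Review bot: The spelling correction at line 25 ("chracters") is unrelated to the free_typebuf() fix, as are the comment-only hunks at 1516, 3320 and 4272. Consider sending the comment corrections as a separate patch so the single functional change at line 1286 can be reviewed, applied or backed out on its own.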
***************
*** 1283,1289 ****
  	EMSG2(_(e_intern2), "Free typebuf 1");
      else
  	vim_free(typebuf.tb_buf);
!     if (typebuf.tb_buf == noremapbuf_init)
  	EMSG2(_(e_intern2), "Free typebuf 2");
      else
  	vim_free(typebuf.tb_noremap);
--- 1283,1289 ----
  	EMSG2(_(e_intern2), "Free typebuf 1");
      else
  	vim_free(typebuf.tb_buf);
!     if (typebuf.tb_noremap == noremapbuf_init)
  	EMSG2(_(e_intern2), "Free typebuf 2");
      else
  	vim_free(typebuf.tb_noremap);
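
Review bot: The corrected comparison at line 1286 is right, but it only turns a free of noremapbuf_init into the "Free typebuf 2" internal error; it does not explain how free_typebuf() is reached with tb_noremap still pointing at the static buffer, which is what the reported trace through restore_typeahead() shows. Say in the change description that the root cause is still open, so the e_intern2 message is treated as a bug report to follow up rather than as the end of the problem.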
***************
*** 1516,1522 ****
   * wanted.
   * This translates escaped K_SPECIAL and CSI bytes to a K_SPECIAL or CSI byte.
   * Collects the bytes of a multibyte character into the whole character.
!  * Returns the modifers in the global "mod_mask".
   */
      int
  vgetc()
--- 1516,1522 ----
   * wanted.
   * This translates escaped K_SPECIAL and CSI bytes to a K_SPECIAL or CSI byte.
   * Collects the bytes of a multibyte character into the whole character.
!  * Returns the modifiers in the global "mod_mask".
   */
      int
  vgetc()
***************
*** 3320,3326 ****
  			    retval = 1;
  			    goto theend;
  			}
! 	    /* An abbrevation cannot contain white space. */
  	    for (n = 0; n < len; ++n)
  		if (vim_iswhite(keys[n]))
  		{
--- 3320,3326 ----
  			    retval = 1;
  			    goto theend;
  			}
! 	    /* An abbreviation cannot contain white space. */
  	    for (n = 0; n < len; ++n)
  		if (vim_iswhite(keys[n]))
  		{
***************
*** 4272,4278 ****
  
      /*
       * Check for word before the cursor: If it ends in a keyword char all
!      * chars before it must be al keyword chars or non-keyword chars, but not
       * white space. If it ends in a non-keyword char we accept any characters
       * before it except white space.
       */
--- 4272,4278 ----
  
      /*
       * Check for word before the cursor: If it ends in a keyword char all
!      * chars before it must be keyword chars or non-keyword chars, but not
       * white space. If it ends in a non-keyword char we accept any characters
       * before it except white space.
       */
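
Review bot: At line 4275 the stray "al" is deleted, but it looks like a misspelling of "all" rather than an extra word. With it removed the sentence says the preceding chars "must be keyword chars or non-keyword chars", which excludes nothing except white space; please check against the code below whether the comment should read "must be all keyword chars or all non-keyword chars" instead.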
