Dominique Pellé <[email protected]>: > Hi > > Using Vim-7.3.31, I observe the following error with Valgrind: > > ==5153== Invalid read of size 1 > ==5153== at 0x811B075: mb_strnicmp (mbyte.c:3102) > ==5153== by 0x80871D0: eval4 (eval.c:4475) > ==5153== by 0x808737B: eval3 (eval.c:4157) > ==5153== by 0x80874AB: eval1 (eval.c:4086) > ==5153== by 0x808871C: eval0 (eval.c:3968) > ==5153== by 0x8088F99: eval_to_bool (eval.c:1271) > ==5153== by 0x80B17CD: ex_if (ex_eval.c:886) > ==5153== by 0x80AD486: do_one_cmd (ex_docmd.c:2656) > ==5153== by 0x80AB967: do_cmdline (ex_docmd.c:1122) > ==5153== by 0x808331C: call_user_func (eval.c:21960) > ==5153== by 0x8083D2E: call_func (eval.c:8291) > ==5153== by 0x8087883: get_func_tv (eval.c:8133) > ==5153== by 0x808CF00: ex_call (eval.c:3391) > ==5153== by 0x80AD486: do_one_cmd (ex_docmd.c:2656) > ==5153== by 0x80AB967: do_cmdline (ex_docmd.c:1122) > ==5153== by 0x8126C2E: nv_colon (normal.c:5319) > ==5153== by 0x8128B70: normal_cmd (normal.c:1190) > ==5153== by 0x80E59D6: main_loop (main.c:1260) > ==5153== by 0x80E8F90: main (main.c:965) > ==5153== Address 0x5143c47 is 3 bytes after a block of size 4 alloc'd > ==5153== at 0x4024F70: malloc (vg_replace_malloc.c:236) > ==5153== by 0x8110707: lalloc (misc2.c:919) > ==5153== by 0x81109B8: alloc (misc2.c:818) > ==5153== by 0x8111174: vim_strsave (misc2.c:1236) > ==5153== by 0x8075126: copy_tv (eval.c:19951) > ==5153== by 0x807578F: get_var_tv (eval.c:19017) > ==5153== by 0x8085E62: eval7 (eval.c:5096) > ==5153== by 0x80863D3: eval6 (eval.c:4734) > ==5153== by 0x808662B: eval5 (eval.c:4550) > ==5153== by 0x8086A09: eval4 (eval.c:4245) > ==5153== by 0x808737B: eval3 (eval.c:4157) > ==5153== by 0x80874AB: eval1 (eval.c:4086) > ==5153== by 0x808871C: eval0 (eval.c:3968) > ==5153== by 0x8088F99: eval_to_bool (eval.c:1271) > ==5153== by 0x80B17CD: ex_if (ex_eval.c:886) > ==5153== by 0x80AD486: do_one_cmd (ex_docmd.c:2656) > ==5153== by 0x80AB967: do_cmdline (ex_docmd.c:1122) > ==5153== by 0x808331C: call_user_func (eval.c:21960) > ==5153== by 0x8083D2E: call_func (eval.c:8291) > ==5153== by 0x8087883: get_func_tv (eval.c:8133) > ==5153== by 0x808CF00: ex_call (eval.c:3391) > ==5153== by 0x80AD486: do_one_cmd (ex_docmd.c:2656) > ==5153== by 0x80AB967: do_cmdline (ex_docmd.c:1122) > ==5153== by 0x8126C2E: nv_colon (normal.c:5319) > ==5153== by 0x8128B70: normal_cmd (normal.c:1190) > ==5153== by 0x80E59D6: main_loop (main.c:1260) > ==5153== by 0x80E8F90: main (main.c:965) > (and several more errors after that) > > It happens when I use my LanguageTool plugin: > > http://www.vim.org/scripts/script.php?script_id=3223 > > After installing the plugin, I can reproduce the bug when > running Vim with Valgrind and doing this: > > :help change.txt > :LanguageToolCheck > > Then click in the buffer containing content of "change.txt" > and observe the valgrind error.
Here is a much simpler way to reproduce the bug which does not require any plugin: $ valgrind vim -u NONE \ -c 'set ic | if "\<LeftMouse>" == "\<RightMouse>" | endif | q' \ 2> vg.log And observe error in vg.log. Using ==# instead of == avoids the bug, but Vim should not access beyond end of string anyway when using ==. Regards -- Dominique -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php
