Comment #2 on issue 96 by [email protected]: Use of memory after free when pasting in read-only file using Perforce plugin
http://code.google.com/p/vim/issues/detail?id=96

I need to add that this issue has caused several crashes for me while working normally with Vim and the Perforce plugin in the last few days. What I find strange is that I was working with the same setup for months without such a crash. And in the last few days, I experienced 3 or 4 crashes. So something must have changed recently to make the crash happen more frequently. Here is a gdb stack trace from when the crash happened while checking out a file within Vim:


(gdb) bt
#0  0x00007f9f793ed707 in kill () at ../sysdeps/unix/syscall-template.S:82
#1  0x0000000000788bd7 in may_core_dump () at os_unix.c:3166
#2  0x00000000007889d3 in mch_exit (r=1) at os_unix.c:3132
#3  0x0000000000a55d94 in getout (exitval=1) at main.c:1478
#4  0x00000000006a6c66 in preserve_exit () at misc1.c:9134
#5  0x0000000000797305 in deathtrap (sigarg=11) at os_unix.c:1097
#6  <signal handler called>
#7 __strlen_sse2_pminub () at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39
#8 0x0000000000748585 in do_put (regname=43, dir=1, count=1, flags=0) at ops.c:3493
#9  0x0000000000719b0d in nv_put (cap=0x7fff970b3c48) at normal.c:9463
#10 0x00000000006fe953 in normal_cmd (oap=0x7fff970b3d08, toplevel=1) at normal.c:1198
#11 0x0000000000a5692d in main_loop (cmdwin=0, noexmode=0) at main.c:1306
#12 0x0000000000a4e9a4 in main (argc=2, argv=0x7fff970b4318) at main.c:1010
(gdb)


Notice that it crashes where valgrind was also complaining.

Full stack trace:

(gdb) bt full
#0  0x00007f9f793ed707 in kill () at ../sysdeps/unix/syscall-template.S:82
No locals.
#1  0x0000000000788bd7 in may_core_dump () at os_unix.c:3166
No locals.
#2  0x00000000007889d3 in mch_exit (r=1) at os_unix.c:3132
No locals.
#3  0x0000000000a55d94 in getout (exitval=1) at main.c:1478
        buf = 0x0
        wp = 0x0
        tp = 0x0
        next_tp = 0x0
#4  0x00000000006a6c66 in preserve_exit () at misc1.c:9134
        buf = 0x0
#5  0x0000000000797305 in deathtrap (sigarg=11) at os_unix.c:1097
        i = 7
        entered = 1
#6  <signal handler called>
No symbol table info available.
#7 __strlen_sse2_pminub () at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39
No locals.
#8 0x0000000000748585 in do_put (regname=43, dir=1, count=1, flags=0) at ops.c:3493
        newp = 0x0
        oldlen = 32767
        bd = {startspaces = -1760869616, endspaces = 112, textlen = 1, textstart = 0x70 <Address 0x70 out of bounds>, textcol = 7026884, start_vcol = 0, end_vcol = 0, is_short = 0, is_MAX = 39385520, is_oneChar = 0, pre_whitesp = -1760874992, pre_whitesp_c = 112, end_char_vcols = 13413992, start_char_vcols = 0}
        indent = 0
        ptr = 0x6ffb14 "\307E\344\001"
        oldp = 0x70 <Address 0x70 out of bounds>
        yanklen = 0
        col = 1
        totlen = 0
        lnum = 46
        i = 7364200
        vcol = 32767
        delcount = -1760874976
        nr_lines = 0
        allocated = 0
        cnt = 13413992
        y_size = 1
        j = 0
        new_cursor = {lnum = 140735727480400, col = 0, coladd = 0}
        orig_indent = 0
        first_indent = 1
        y_type = 1
        incr = 0
        y_array = 0x2651050
        insert_string = 0x0
        y_width = 0
        indent_diff = 0
        lendiff = 0
        old_pos = {lnum = 10927409, col = 33, coladd = 0}
#9  0x0000000000719b0d in nv_put (cap=0x7fff970b3c48) at normal.c:9463
        regname = 0
        reg2 = 0x0
        empty = 0
        was_visual = 0
        dir = 1
        flags = 0
        reg1 = 0x0
#10 0x00000000006fe953 in normal_cmd (oap=0x7fff970b3d08, toplevel=1) at normal.c:1198
        ca = {oap = 0x7fff970b3d08, prechar = 0, cmdchar = 112, nchar = 0, ncharC1 = 0, ncharC2 = 0, extra_char = 0, opcount = 0, count0 = 0, count1 = 1, arg = 0, retval = 0, searchbuf = 0x0}
        c = 112
        idx = 113
        set_prevcount = 0
        ctrl_w = 0
        old_col = 31
        need_flushbuf = 1
        old_pos = {lnum = 45, col = 31, coladd = 0}
        mapped_len = 0
        old_mapped_len = 0
#11 0x0000000000a5692d in main_loop (cmdwin=0, noexmode=0) at main.c:1306
        oa = {op_type = 0, regname = 0, motion_type = 0, motion_force = 0, use_reg_one = 0, inclusive = 0, end_adjusted = 0, start = {lnum = 112, col = 33, coladd = 0}, end = {lnum = 112, col = 33, coladd = 0}, cursor_start = {lnum = 0, col = 0, coladd = 0}, line_count = 1, empty = 0, is_VIsual = 0, block_mode = 0, start_vcol = 0, end_vcol = 13, prev_opcount = 0, prev_count0 = 0}
        previous_got_int = 0
        conceal_old_cursor_line = 0
        conceal_new_cursor_line = 0
        conceal_update_lines = 0
#12 0x0000000000a4e9a4 in main (argc=2, argv=0x7fff970b4318) at main.c:1010
        fname = 0x2219b30 "NDS-poi-region.cpp"
        params = {argc = 2, argv = 0x7fff970b4318, evim_mode = 0, use_vimrc = 0x0, n_commands = 0, commands = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, cmds_tofree = "\000\000\000\000\000\000\000\000\000", n_pre_commands = 0, pre_commands = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, edit_type = 1, tagname = 0x0, use_ef = 0x0, want_full_screen = 1, stdout_isatty = 1, term = 0x0, ask_for_key = 0, no_swap_file = 0, use_debug_break_level = -1, window_count = 1, window_layout = 0, serverArg = 0, serverName_arg = 0x0, serverStr = 0x0, serverStrEnc = 0x0, servername = 0x221ce20 "VIM", diff_mode = 0}
        i = 2
(gdb)

