While searching for the bug in my extended-funcref branch I found that *in this branch* it is possible to access freed memory: a variable cleared by vars_clear may contain a reference to a variable already freed by vim_free(SCRIPT_SV(i)).
An almost minimal example of an environment that is enough for reproducing the bug is
attached. Note that only a build with EXITFREE defined (normally a development
build) is subject to this kind of error. To see this error, run under valgrind
vim -u ../vimrc -s efref-valgrind.in
while in the test/ subdirectory found in the archive. This error happens for
both my branch and upstream, but I was thinking it was my failure because I did
not have a development version of upstream compiled.
The following patch fixes the problem for me (the main idea is that you first clear
all variables and only then do the actual freeing).
Note that it may make sense to defer the second cycle (and hence the ga_clear()
call) until the garbage_collect() call (in case a reference to the script-local scope is
saved to a list/dictionary that then became unreferenced), but I am not sure.
diff -r 8f286037c0d0 src/eval.c
--- a/src/eval.c Sun Sep 22 13:37:08 2013 +0400
+++ b/src/eval.c Sun Sep 22 22:13:59 2013 +0400
@@ -942,10 +942,9 @@
/* script-local variables */
for (i = 1; i <= ga_scripts.ga_len; ++i)
- {
vars_clear(&SCRIPT_VARS(i));
+ for (i = 1; i <= ga_scripts.ga_len; ++i)
vim_free(SCRIPT_SV(i));
- }
ga_clear(&ga_scripts);
/* unreferenced lists and dicts */
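Review bot: with the `- {` / `- }` braces removed, both loops become brace-less single-statement loops, and the added `+ for (i = 1; i <= ga_scripts.ga_len; ++i)` sits directly under `vars_clear(&SCRIPT_VARS(i));`, where a reader can easily take it for a loop nested inside the first; keep braces around each loop body so the two-pass intent (clear every script's variables, then free every SCRIPT_SV) is explicit and a statement added later cannot silently fall outside the loop. The reordering itself is sound: clearing script i's variables may drop references into a SCRIPT_SV(j) that the old single loop had already handed to `vim_free()`, so no freeing may start until every scope has been cleared; a one-line comment above the first loop stating that invariant would save the next reader of this cleanup path from "optimising" it back into one loop.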
--
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
Attachment: valgrind-error-environment.tar.xz (binary data)
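As an added illustration (constructed here; it is neither Vim's code nor part of the message above), the following C program models the two orderings discussed in the patch. A simplified refcounted scope stands in for SCRIPT_SV(i), the model's `vars_clear()` and `scope_free()` stand in for Vim's vars_clear() and vim_free(), and "freeing" only sets a flag so that a reference dropped after the free is counted rather than left as undefined behaviour. The scenario, where each later script holds a reference to the previous script's scope, is constructed to match the walk order of ga_scripts: the single-pass order reports two touches of freed memory, the two-pass order none.

```c
#include <stdio.h>
#include <string.h>

#define NSCRIPTS 3
#define MAXREFS  4

/* Constructed model of a script-local scope (not Vim's real scriptvar_T).
 * A variable in one script may hold a reference to another script's scope,
 * e.g. a Dictionary built from s: of an earlier script. */
typedef struct scope_S {
    int             refcount;        /* 1 for the ga_scripts owner + references */
    int             freed;           /* stands in for vim_free(): set, not freed */
    struct scope_S *refs[MAXREFS];   /* scopes referenced by this script's vars */
    int             nrefs;
} scope_T;

static scope_T scopes[NSCRIPTS];
static int     uaf_touches;          /* what valgrind would report in the real code */

static void scope_addref(scope_T *holder, scope_T *target) {
    holder->refs[holder->nrefs++] = target;
    ++target->refcount;
}

/* Dropping a reference to an already freed scope is the bug reported above. */
static void scope_decref(scope_T *s) {
    if (s->freed) {
        ++uaf_touches;
        return;
    }
    --s->refcount;
}

/* Stand-in for vars_clear(&SCRIPT_VARS(i)): release every reference held. */
static void vars_clear(scope_T *s) {
    int i;
    for (i = 0; i < s->nrefs; ++i)
        scope_decref(s->refs[i]);
    s->nrefs = 0;
}

/* Stand-in for vim_free(SCRIPT_SV(i)). */
static void scope_free(scope_T *s) {
    s->freed = 1;
}

/* Constructed scenario: script 2 references script 1's scope and script 3
 * references script 2's scope, i.e. later scripts refer back to earlier ones. */
static void setup_scopes(void) {
    int i;
    memset(scopes, 0, sizeof(scopes));
    uaf_touches = 0;
    for (i = 0; i < NSCRIPTS; ++i)
        scopes[i].refcount = 1;
    scope_addref(&scopes[1], &scopes[0]);
    scope_addref(&scopes[2], &scopes[1]);
}

/* Pre-patch order: clear and free each scope in one pass. Returns UAF count. */
int free_single_pass(void) {
    int i;
    setup_scopes();
    for (i = 0; i < NSCRIPTS; ++i) {
        vars_clear(&scopes[i]);
        scope_free(&scopes[i]);   /* scope i is gone, but scope i+1 still refers to it */
    }
    return uaf_touches;
}

/* Patched order: clear every scope first, then free every scope. Returns UAF count. */
int free_two_pass(void) {
    int i;
    setup_scopes();
    for (i = 0; i < NSCRIPTS; ++i)
        vars_clear(&scopes[i]);
    for (i = 0; i < NSCRIPTS; ++i)
        scope_free(&scopes[i]);
    return uaf_touches;
}

/* After the two-pass order every scope is back to its owner-only refcount,
 * so freeing it does not strand a live reference. Returns 1 if balanced. */
int two_pass_refcounts_balanced(void) {
    int i;
    free_two_pass();
    for (i = 0; i < NSCRIPTS; ++i)
        if (scopes[i].refcount != 1)
            return 0;
    return 1;
}

int main(void) {
    printf("single pass: %d use-after-free touches\n", free_single_pass());
    printf("two pass:    %d use-after-free touches\n", free_two_pass());
    return 0;
}
```

The flag instead of a real free() is what makes the defect observable without valgrind; in the real code the same access is a read of freed heap memory, which is exactly why only an EXITFREE build shows it and only under a memory checker.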
