Hi
Using Vim-7.4.368 (huge) built with -DEXITFREE,
I see access to freed memory when doing:
$ valgrind vim -u NONE -C /tmp/xx \
-c ':sign define piet text=>> texthl=Search' \
-c ':exe ":sign place 2 line=23 name=piet file=" . expand("%:p")' \
-c 'qa'
==6787== Memcheck, a memory error detector
==6787== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==6787== Using Valgrind-3.9.0.SVN and LibVEX; rerun with -h for copyright info
==6787== Command: vim -u NONE -C /tmp/xx -c :sign\ define\ piet\
text=\>\>\ texthl=Search -c :exe\ ":sign\ place\ 2\ line=23\
name=piet\ file="\ .\ expand("%:p") -c qa
==6787==
==6787== Invalid read of size 4
==6787== at 0x529B3C: changed_cline_bef_curs (move.c:557)
==6787== by 0x41A783: buf_delete_signs (buffer.c:5709)
==6787== by 0x40F986: free_buffer_stuff (buffer.c:719)
==6787== by 0x40F889: free_buffer (buffer.c:659)
==6787== by 0x40ED1E: close_buffer (buffer.c:515)
==6787== by 0x51F54A: free_all_mem (misc2.c:1172)
==6787== by 0x5723D3: mch_exit (os_unix.c:3346)
==6787== by 0x672952: getout (main.c:1501)
==6787== by 0x498C2E: ex_quit_all (ex_docmd.c:6648)
==6787== by 0x48D35A: do_one_cmd (ex_docmd.c:2701)
==6787== by 0x4893DC: do_cmdline (ex_docmd.c:1126)
==6787== by 0x48A299: do_cmdline_cmd (ex_docmd.c:731)
==6787== Address 0xcc1cd9c is 172 bytes inside a block of size 5,584 free'd
==6787== at 0x4C2B577: free (vg_replace_malloc.c:468)
==6787== by 0x51F673: vim_free (misc2.c:1740)
==6787== by 0x63E4EF: win_free (window.c:4625)
==6787== by 0x64182D: win_free_mem (window.c:2461)
==6787== by 0x641FDA: win_free_all (window.c:2491)
==6787== by 0x51F4FC: free_all_mem (misc2.c:1161)
==6787== by 0x5723D3: mch_exit (os_unix.c:3346)
==6787== by 0x672952: getout (main.c:1501)
==6787== by 0x498C2E: ex_quit_all (ex_docmd.c:6648)
==6787== by 0x48D35A: do_one_cmd (ex_docmd.c:2701)
==6787== by 0x4893DC: do_cmdline (ex_docmd.c:1126)
==6787== by 0x48A299: do_cmdline_cmd (ex_docmd.c:731)
==6787==
==6787== Invalid write of size 4
==6787== at 0x529B48: changed_cline_bef_curs (move.c:557)
==6787== by 0x41A783: buf_delete_signs (buffer.c:5709)
==6787== by 0x40F986: free_buffer_stuff (buffer.c:719)
==6787== by 0x40F889: free_buffer (buffer.c:659)
==6787== by 0x40ED1E: close_buffer (buffer.c:515)
==6787== by 0x51F54A: free_all_mem (misc2.c:1172)
==6787== by 0x5723D3: mch_exit (os_unix.c:3346)
==6787== by 0x672952: getout (main.c:1501)
==6787== by 0x498C2E: ex_quit_all (ex_docmd.c:6648)
==6787== by 0x48D35A: do_one_cmd (ex_docmd.c:2701)
==6787== by 0x4893DC: do_cmdline (ex_docmd.c:1126)
==6787== by 0x48A299: do_cmdline_cmd (ex_docmd.c:731)
==6787== Address 0xcc1cd9c is 172 bytes inside a block of size 5,584 free'd
==6787== at 0x4C2B577: free (vg_replace_malloc.c:468)
==6787== by 0x51F673: vim_free (misc2.c:1740)
==6787== by 0x63E4EF: win_free (window.c:4625)
==6787== by 0x64182D: win_free_mem (window.c:2461)
==6787== by 0x641FDA: win_free_all (window.c:2491)
==6787== by 0x51F4FC: free_all_mem (misc2.c:1161)
==6787== by 0x5723D3: mch_exit (os_unix.c:3346)
==6787== by 0x672952: getout (main.c:1501)
==6787== by 0x498C2E: ex_quit_all (ex_docmd.c:6648)
==6787== by 0x48D35A: do_one_cmd (ex_docmd.c:2701)
==6787== by 0x4893DC: do_cmdline (ex_docmd.c:1126)
==6787== by 0x48A299: do_cmdline_cmd (ex_docmd.c:731)
==6787==
The bug was introduced by this patch:
===
changeset: 5869:373204662d82
tag: v7-4-277
user: Bram Moolenaar <[email protected]>
date: Wed May 07 16:35:08 2014 +0200
files: src/buffer.c src/version.c
description:
updated for version 7.4.277
Problem: Using ":sign unplace *" may leave the cursor in the wrong position
(Christian Brabandt)
Solution: Update the cursor position when removing all signs.
===
Attached patch fixes it but please review it
as I am not sure that it is the best way to fix it.
Regards
Dominique
diff -r f37b2f0479ca src/move.c
--- a/src/move.c Wed Jul 16 15:18:27 2014 +0200
+++ b/src/move.c Wed Jul 16 15:52:32 2014 +0200
@@ -554,8 +554,9 @@
void
changed_cline_bef_curs()
{
- curwin->w_valid &= ~(VALID_WROW|VALID_WCOL|VALID_VIRTCOL
- |VALID_CHEIGHT|VALID_TOPLINE);
+ if (curwin != NULL)
+ curwin->w_valid &= ~(VALID_WROW|VALID_WCOL|VALID_VIRTCOL
+ |VALID_CHEIGHT|VALID_TOPLINE);
}
void
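Review bot: The new "if (curwin != NULL)" test in changed_cline_bef_curs() only helps when something has already reset curwin. In the reported trace the pointer is dangling (it points into the block freed by win_free()), not NULL, so this hunk is effective only together with the "curwin = NULL;" added in src/window.c. A short comment above the test saying that curwin can be NULL only while free_all_mem() is running at exit would make that dependency visible. It is also worth considering whether the check belongs in the caller instead: buf_delete_signs() (buffer.c:5709) is the one reaching this function after the windows are gone, and a guard there would keep changed_cline_bef_curs() free of an exit-only special case.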
diff -r f37b2f0479ca src/window.c
--- a/src/window.c Wed Jul 16 15:18:27 2014 +0200
+++ b/src/window.c Wed Jul 16 15:52:32 2014 +0200
@@ -2489,6 +2489,7 @@
while (firstwin != NULL)
(void)win_free_mem(firstwin, &dummy, NULL);
+ curwin = NULL;
}
#endif
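Review bot: After "curwin = NULL;" at the end of win_free_all(), every later dereference of curwin during exit cleanup becomes a NULL dereference instead of a read of freed memory. The trace shows free_all_mem() calling close_buffer() (misc2.c:1172) after win_free_all() (misc2.c:1161), so the code reachable from close_buffer() and free_buffer_stuff() should be checked for other unguarded uses of curwin, not only changed_cline_bef_curs(). Please also add a one-line comment on the assignment stating that it exists so later cleanup code can detect that no window is left.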