Hi
Valgrind detects use of free memory in Vim-7.4.2305
Bug was introduced in Vim-7.4.2304.
$ valgrind 2> log vim -u NONE -c 'call timer_start(0, "x")'
==11797== Memcheck, a memory error detector
==11797== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==11797== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==11797== Command: vim -u NONE -c call\ timer_start(0,\ "x")
==11797==
==11797== Invalid read of size 8
==11797== at 0x470ECA: remove_timer (ex_cmds2.c:1116)
==11797== by 0x4711CC: check_due_timer (ex_cmds2.c:1226)
==11797== by 0x5395BB: WaitForChar (os_unix.c:5399)
==11797== by 0x5343DE: mch_inchar (os_unix.c:425)
==11797== by 0x5D7C10: ui_inchar (ui.c:195)
==11797== by 0x4B993B: inchar (getchar.c:3057)
==11797== by 0x4B953B: vgetorpeek (getchar.c:2833)
==11797== by 0x4B758D: vgetc (getchar.c:1606)
==11797== by 0x4B7AD3: safe_vgetc (getchar.c:1802)
==11797== by 0x503F49: normal_cmd (normal.c:627)
==11797== by 0x6235CB: main_loop (main.c:1311)
==11797== by 0x622D55: vim_main2 (main.c:877)
==11797== Address 0xdd18660 is 16 bytes inside a block of size 72 free'd
==11797== at 0x4C2BCEF: free (vg_replace_malloc.c:530)
==11797== by 0x4F3430: vim_free (misc2.c:1705)
==11797== by 0x470F66: free_timer (ex_cmds2.c:1132)
==11797== by 0x4711C0: check_due_timer (ex_cmds2.c:1225)
==11797== by 0x5395BB: WaitForChar (os_unix.c:5399)
==11797== by 0x5343DE: mch_inchar (os_unix.c:425)
==11797== by 0x5D7C10: ui_inchar (ui.c:195)
==11797== by 0x4B993B: inchar (getchar.c:3057)
==11797== by 0x4B953B: vgetorpeek (getchar.c:2833)
==11797== by 0x4B758D: vgetc (getchar.c:1606)
==11797== by 0x4B7AD3: safe_vgetc (getchar.c:1802)
==11797== by 0x503F49: normal_cmd (normal.c:627)
==11797== Block was alloc'd at
==11797== at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
==11797== by 0x4F28A0: lalloc (misc2.c:920)
==11797== by 0x4F27CB: alloc_clear (misc2.c:842)
==11797== by 0x470F81: create_timer (ex_cmds2.c:1143)
==11797== by 0x45EF7B: f_timer_start (evalfunc.c:12421)
==11797== by 0x44AFB0: call_internal_func (evalfunc.c:999)
==11797== by 0x5E620D: call_func (userfunc.c:1372)
==11797== by 0x5E408D: get_func_tv (userfunc.c:455)
==11797== by 0x5E9D8D: ex_call (userfunc.c:2981)
==11797== by 0x47BDC6: do_one_cmd (ex_docmd.c:2967)
==11797== by 0x478822: do_cmdline (ex_docmd.c:1110)
==11797== by 0x477E5E: do_cmdline_cmd (ex_docmd.c:715)
(more errors after than)
Attached patch fixes it.
Regards
Dominique
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to vim_dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
diff --git a/src/ex_cmds2.c b/src/ex_cmds2.c
index a76b055..acaef9f 100644
--- a/src/ex_cmds2.c
+++ b/src/ex_cmds2.c
@@ -1222,8 +1222,8 @@ check_due_timer(void)
}
else
{
- free_timer(timer);
remove_timer(timer);
+ free_timer(timer);
}
/* the callback may do anything, start all over */
break;
