2009/7/15 Dominique Pellé:
> ...
> I can reproduce it too now, at least using Gnome-2 GUI
> with Vim-7.2.233 on Linux x86.
> ...


Hi Dominique,

I can reproduce it too and get the following output with Valgrind.

As in the "Vim SEGV after netbeans messes up syntax data structures",
there is a call to syn_current_attr() followed by a call to
invalidate_current_state() in the find_replace_cb()
callback that is invoked from the gui.
This does corrupt the 'current_state' global structure and shows up
the next time in_id_list() is called.

The way this was fixed for the netbeans callback was to queue the
events instead of invoking the callback from the GUI, and to process
the queue in the idle loop.


==9815==
==9815== Invalid read of size 4
==9815==    at 0x8184E4E: syn_current_attr (syntax.c:1975)
==9815==    by 0x81848E8: get_syntax_attr (syntax.c:1771)
==9815==    by 0x8155492: win_line (screen.c:3906)
==9815==    by 0x8151F19: win_update (screen.c:1764)
==9815==    by 0x81500C5: update_screen (screen.c:521)
==9815==    by 0x81B122E: gui_update_screen (gui.c:4888)
==9815==    by 0x81B181F: gui_do_findrepl (gui.c:5091)
==9815==    by 0x81B5F60: find_replace_cb (gui_gtk.c:2988)
==9815==    by 0x44E5E1A: g_cclosure_marshal_VOID__VOID (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D8A7B: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44E8F2C: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA428: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA5D8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x408FF10: gtk_button_clicked (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x40917DB: (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x44E5E1A: g_cclosure_marshal_VOID__VOID (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D6F48: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D8A7B: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44E93B7: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA428: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA5D8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x408FFA0: gtk_button_released (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x4090000: (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x415E24F: _gtk_marshal_BOOLEAN__BOXED (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x44D6F48: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D8A7B: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44E956E: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA207: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA5D8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x4247F63: (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x4157BD2: gtk_propagate_event (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x4158E06: gtk_main_do_event (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x435CEE9: (within /usr/lib/libgdk-x11-2.0.so.0.800.20)
==9815==    by 0x4537730: g_main_context_dispatch (in
/usr/lib/libglib-2.0.so.0.1200.4)
==9815==    by 0x453A7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
==9815==    by 0x453AD26: g_main_context_iteration (in
/usr/lib/libglib-2.0.so.0.1200.4)
==9815==    by 0x4159072: gtk_main_iteration_do (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x81BD588: gui_mch_update (gui_gtk_x11.c:6437)
==9815==    by 0x819BE29: ui_breakcheck (ui.c:364)
==9815==    by 0x8102581: fast_breakcheck (misc1.c:8435)
==9815==    by 0x814A54E: regmatch (regexp.c:3788)
==9815==    by 0x814A2CB: regtry (regexp.c:3656)
==9815==    by 0x814A0ED: vim_regexec_both (regexp.c:3545)
==9815==    by 0x8149BF3: vim_regexec_multi (regexp.c:3355)
==9815==    by 0x8186BE8: syn_regexec (syntax.c:3128)
==9815==    by 0x8184F0E: syn_current_attr (syntax.c:2002)
==9815==    by 0x81848E8: get_syntax_attr (syntax.c:1771)
==9815==    by 0x8155492: win_line (screen.c:3906)
==9815==    by 0x8151F19: win_update (screen.c:1764)
==9815==    by 0x81500C5: update_screen (screen.c:521)
==9815==  Address 0x56F500C is 148 bytes inside a block of size 480 free'd
==9815==    at 0x401CFA5: free (vg_replace_malloc.c:233)
==9815==    by 0x8104E42: vim_free (misc2.c:1639)
==9815==    by 0x8105071: ga_clear (misc2.c:1936)
==9815==    by 0x8182E0F: clear_current_state (syntax.c:660)
==9815==    by 0x8184628: invalidate_current_state (syntax.c:1615)
==9815==    by 0x8182AA4: syntax_start (syntax.c:514)
==9815==    by 0x815338B: win_line (screen.c:2726)
==9815==    by 0x8151F19: win_update (screen.c:1764)
==9815==    by 0x81500C5: update_screen (screen.c:521)
==9815==    by 0x81B122E: gui_update_screen (gui.c:4888)
==9815==    by 0x81B181F: gui_do_findrepl (gui.c:5091)
==9815==    by 0x81B5F60: find_replace_cb (gui_gtk.c:2988)
==9815==    by 0x44E5E1A: g_cclosure_marshal_VOID__VOID (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D8A7B: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44E8F2C: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA428: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA5D8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x408FF10: gtk_button_clicked (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x40917DB: (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x44E5E1A: g_cclosure_marshal_VOID__VOID (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D6F48: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D8A7B: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44E93B7: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA428: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA5D8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x408FFA0: gtk_button_released (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x4090000: (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x415E24F: _gtk_marshal_BOOLEAN__BOXED (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x44D6F48: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D8A7B: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44E956E: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA207: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA5D8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x4247F63: (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x4157BD2: gtk_propagate_event (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x4158E06: gtk_main_do_event (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x435CEE9: (within /usr/lib/libgdk-x11-2.0.so.0.800.20)
==9815==    by 0x4537730: g_main_context_dispatch (in
/usr/lib/libglib-2.0.so.0.1200.4)
==9815==    by 0x453A7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
==9815==    by 0x453AD26: g_main_context_iteration (in
/usr/lib/libglib-2.0.so.0.1200.4)
==9815==    by 0x4159072: gtk_main_iteration_do (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x81BD588: gui_mch_update (gui_gtk_x11.c:6437)
==9815==    by 0x819BE29: ui_breakcheck (ui.c:364)
==9815==    by 0x8102581: fast_breakcheck (misc1.c:8435)
==9815==    by 0x814A54E: regmatch (regexp.c:3788)
==9815==    by 0x814A2CB: regtry (regexp.c:3656)
==9815==    by 0x814A0ED: vim_regexec_both (regexp.c:3545)
==9815==    by 0x8149BF3: vim_regexec_multi (regexp.c:3355)
==9815==    by 0x8186BE8: syn_regexec (syntax.c:3128)
==9815==    by 0x8184F0E: syn_current_attr (syntax.c:2002)
==9815==
==9815== Invalid read of size 2
==9815==    at 0x818BE0A: in_id_list (syntax.c:5880)
==9815==    by 0x8184E67: syn_current_attr (syntax.c:1975)
==9815==    by 0x81848E8: get_syntax_attr (syntax.c:1771)
==9815==    by 0x8155492: win_line (screen.c:3906)
==9815==    by 0x8151F19: win_update (screen.c:1764)
==9815==    by 0x81500C5: update_screen (screen.c:521)
==9815==    by 0x81B122E: gui_update_screen (gui.c:4888)
==9815==    by 0x81B181F: gui_do_findrepl (gui.c:5091)
==9815==    by 0x81B5F60: find_replace_cb (gui_gtk.c:2988)
==9815==    by 0x44E5E1A: g_cclosure_marshal_VOID__VOID (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D8A7B: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44E8F2C: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA428: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA5D8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x408FF10: gtk_button_clicked (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x40917DB: (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x44E5E1A: g_cclosure_marshal_VOID__VOID (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D6F48: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D8A7B: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44E93B7: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA428: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA5D8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x408FFA0: gtk_button_released (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x4090000: (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x415E24F: _gtk_marshal_BOOLEAN__BOXED (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x44D6F48: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44D8A7B: g_closure_invoke (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44E956E: (within /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA207: g_signal_emit_valist (in
/usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x44EA5D8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.4)
==9815==    by 0x4247F63: (within /usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x4157BD2: gtk_propagate_event (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x4158E06: gtk_main_do_event (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x435CEE9: (within /usr/lib/libgdk-x11-2.0.so.0.800.20)
==9815==    by 0x4537730: g_main_context_dispatch (in
/usr/lib/libglib-2.0.so.0.1200.4)
==9815==    by 0x453A7A5: (within /usr/lib/libglib-2.0.so.0.1200.4)
==9815==    by 0x453AD26: g_main_context_iteration (in
/usr/lib/libglib-2.0.so.0.1200.4)
==9815==    by 0x4159072: gtk_main_iteration_do (in
/usr/lib/libgtk-x11-2.0.so.0.800.20)
==9815==    by 0x81BD588: gui_mch_update (gui_gtk_x11.c:6437)
==9815==    by 0x819BE29: ui_breakcheck (ui.c:364)
==9815==    by 0x8102581: fast_breakcheck (misc1.c:8435)
==9815==    by 0x814A54E: regmatch (regexp.c:3788)
==9815==    by 0x814A2CB: regtry (regexp.c:3656)
==9815==    by 0x814A0ED: vim_regexec_both (regexp.c:3545)
==9815==    by 0x8149BF3: vim_regexec_multi (regexp.c:3355)
==9815==    by 0x8186BE8: syn_regexec (syntax.c:3128)
==9815==    by 0x8184F0E: syn_current_attr (syntax.c:2002)
==9815==    by 0x81848E8: get_syntax_attr (syntax.c:1771)
==9815==    by 0x8155492: win_line (screen.c:3906)
==9815==    by 0x8151F19: win_update (screen.c:1764)
==9815==  Address 0x40568000 is not stack'd, malloc'd or (recently) free'd
Vim: Caught deadly signal SEGV

==9815==


Xavier

--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
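
The re-entrancy described in the message above and the queue-and-process-when-idle remedy it mentions, as a small C model. This is an added example, not code from Vim or from the thread; every name in it (`state`, `pump_gui`, `scan_line`, `idle_loop`, `run_model`) is hypothetical, and the single GUI click is constructed input. Instead of performing the invalid read, the model records when the state would have been freed under a running scan.

```c
#include <stdio.h>
#include <stdlib.h>

/* All names are hypothetical; this models the pattern, it is not Vim source. */
static int *state;                 /* stands in for 'current_state' */
static size_t state_len, qlen;
static int in_scan;                /* set while the scanner reads state */
static int hazard_seen;            /* state released during a scan */
static int click_pending;          /* constructed input: one GUI click */
static int defer_events;           /* 0 = call from GUI pump, 1 = queue */
static void (*queue[8])(void);

static void state_invalidate(void) {
    /* A real free() here is the use-after-free; the model only records it. */
    if (in_scan) { hazard_seen = 1; return; }
    free(state); state = NULL; state_len = 0;
}

/* Called inside the scan, like a break check that pumps GUI events. */
static void pump_gui(void) {
    if (!click_pending) return;
    click_pending = 0;
    if (!defer_events) state_invalidate();                /* re-entrant */
    else if (qlen < 8) queue[qlen++] = state_invalidate;  /* deferred */
}

static void scan_line(void) {
    in_scan = 1;
    for (size_t i = 0; i < state_len; i++) { pump_gui(); (void)state[i]; }
    in_scan = 0;
}

static void idle_loop(void) {      /* runs only when no scan is active */
    for (size_t i = 0; i < qlen; i++) queue[i]();
    qlen = 0;
}

/* Returns 1 if state was invalidated mid-scan, 0 otherwise. */
int run_model(int defer) {
    free(state);
    state = calloc(4, sizeof *state);
    state_len = state ? 4 : 0;
    hazard_seen = 0; qlen = 0; defer_events = defer; click_pending = 1;
    scan_line();
    idle_loop();
    return hazard_seen;
}

int main(void) { printf("direct=%d queued=%d\n", run_model(0), run_model(1)); return 0; }
```

With the handler called directly from the event pump, the invalidation lands while the scan still holds the array; with the queue, the same invalidation runs only after the scan has returned.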
