Charles Campbell wrote:
v...@googlecode.com wrote:

Comment #4 on issue 230 by brammool...@gmail.com: "Vim: Caught deadly signal SEGV"
http://code.google.com/p/vim/issues/detail?id=230

The errors in the libfontconfig.so look like a library problem: reading 4 bytes where there are only 2. Because of alignment this probably does not cause a crash.

The error below update_screen() is most likely what causes the crash. Can't see what happens there from this info though.

I tried this problem out: gvim -u junk.vim -U NONE macos (where "junk.vim" has the two lines the poster mentioned)

* used binary compiled from an older machine: gvim -u junk.vim -U NONE macos
  - got a crash and no status line
  - gdb doesn't track gvim after gvim "separates" from the console (i.e. becomes its own process)
  - binary wasn't compiled for debugging and was stripped

* recompiled vim for debugging and no stripping
  - no crash, has status line
  - valgrind reported no problems

I'm going to go and update with the new patches now...

Hmm, apparently I was using an oddball version of vim that wasn't completely patched. So I've now rebuilt vim 7.4.320; using

valgrind --log-file=gvim.out gvim -u junk.vim -U NONE macos

The attached file contains the log. Vim crashed eventually, but it took a lot of j and k motions, sprinkled with the occasional L and G to get it.

Would one of you tell me how best to apply gdb to gvim? I suppose I could run gvim and then attach gdb to it after it's started.

Regards,
Chip

==26227== Memcheck, a memory error detector
==26227== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==26227== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==26227== Command: gvim -u junk.vim -U NONE macos
==26227== Parent PID: 25480
==26227== 
==26227== 
==26227== HEAP SUMMARY:
==26227==     in use at exit: 437,694 bytes in 8,929 blocks
==26227==   total heap usage: 50,594 allocs, 41,665 frees, 10,562,563 bytes allocated
==26227== 
==26227== LEAK SUMMARY:
==26227==    definitely lost: 0 bytes in 0 blocks
==26227==    indirectly lost: 0 bytes in 0 blocks
==26227==      possibly lost: 111,439 bytes in 2,431 blocks
==26227==    still reachable: 326,255 bytes in 6,498 blocks
==26227==         suppressed: 0 bytes in 0 blocks
==26227== Rerun with --leak-check=full to see details of leaked memory
==26227== 
==26227== For counts of detected and suppressed errors, rerun with: -v
==26227== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 6 from 6)
==26229== Invalid read of size 4
==26229==    at 0x5914AE: screen_del_lines (screen.c:9526)
==26229==    by 0x590A42: win_do_lines (screen.c:9082)
==26229==    by 0x59079D: win_del_lines (screen.c:8984)
==26229==    by 0x5817B3: win_update (screen.c:1417)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505aa1c is 0 bytes after a block of size 108 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x58EFD2: screenalloc (screen.c:8190)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229==    by 0x5421D1: set_num_option (option.c:8264)
==26229==    by 0x53B710: do_set (option.c:4530)
==26229== 
==26229== Invalid read of size 1
==26229==    at 0x5914DA: screen_del_lines (screen.c:9527)
==26229==    by 0x590A42: win_do_lines (screen.c:9082)
==26229==    by 0x59079D: win_del_lines (screen.c:8984)
==26229==    by 0x5817B3: win_update (screen.c:1417)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505aa7b is 0 bytes after a block of size 27 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x58EFEA: screenalloc (screen.c:8192)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229==    by 0x5421D1: set_num_option (option.c:8264)
==26229==    by 0x53B710: do_set (option.c:4530)
==26229== 
==26229== Invalid write of size 4
==26229==    at 0x5914B0: screen_del_lines (screen.c:9526)
==26229==    by 0x590A42: win_do_lines (screen.c:9082)
==26229==    by 0x59079D: win_del_lines (screen.c:8984)
==26229==    by 0x5817B3: win_update (screen.c:1417)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505aa1c is 0 bytes after a block of size 108 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x58EFD2: screenalloc (screen.c:8190)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229==    by 0x5421D1: set_num_option (option.c:8264)
==26229==    by 0x53B710: do_set (option.c:4530)
==26229== 
==26229== Invalid write of size 1
==26229==    at 0x5914DD: screen_del_lines (screen.c:9527)
==26229==    by 0x590A42: win_do_lines (screen.c:9082)
==26229==    by 0x59079D: win_del_lines (screen.c:8984)
==26229==    by 0x5817B3: win_update (screen.c:1417)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505aa7b is 0 bytes after a block of size 27 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x58EFEA: screenalloc (screen.c:8192)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229==    by 0x5421D1: set_num_option (option.c:8264)
==26229==    by 0x53B710: do_set (option.c:4530)
==26229== 
==26229== Invalid write of size 4
==26229==    at 0x591511: screen_del_lines (screen.c:9529)
==26229==    by 0x590A42: win_do_lines (screen.c:9082)
==26229==    by 0x59079D: win_del_lines (screen.c:8984)
==26229==    by 0x5817B3: win_update (screen.c:1417)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505aa38 is not stack'd, malloc'd or (recently) free'd
==26229== 
==26229== Invalid write of size 1
==26229==    at 0x59152C: screen_del_lines (screen.c:9530)
==26229==    by 0x590A42: win_do_lines (screen.c:9082)
==26229==    by 0x59079D: win_del_lines (screen.c:8984)
==26229==    by 0x5817B3: win_update (screen.c:1417)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505aa82 is 7 bytes after a block of size 27 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x58EFEA: screenalloc (screen.c:8192)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229==    by 0x5421D1: set_num_option (option.c:8264)
==26229==    by 0x53B710: do_set (option.c:4530)
==26229== 
==26229== Invalid write of size 1
==26229==    at 0x582E06: win_update (screen.c:2002)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505ae43 is 11 bytes after a block of size 648 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x50A87D: alloc_clear (misc2.c:832)
==26229==    by 0x5F30D2: win_alloc_lines (window.c:4717)
==26229==    by 0x58F046: screenalloc (screen.c:8199)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229== 
==26229== Invalid write of size 8
==26229==    at 0x582E39: win_update (screen.c:2003)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505ae48 is 16 bytes after a block of size 648 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x50A87D: alloc_clear (misc2.c:832)
==26229==    by 0x5F30D2: win_alloc_lines (window.c:4717)
==26229==    by 0x58F046: screenalloc (screen.c:8199)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229== 
==26229== Invalid write of size 8
==26229==    at 0x582E7E: win_update (screen.c:2011)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505ae38 is 0 bytes after a block of size 648 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x50A87D: alloc_clear (misc2.c:832)
==26229==    by 0x5F30D2: win_alloc_lines (window.c:4717)
==26229==    by 0x58F046: screenalloc (screen.c:8199)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229== 
==26229== Invalid write of size 1
==26229==    at 0x582EA9: win_update (screen.c:2012)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505ae42 is 10 bytes after a block of size 648 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x50A87D: alloc_clear (misc2.c:832)
==26229==    by 0x5F30D2: win_alloc_lines (window.c:4717)
==26229==    by 0x58F046: screenalloc (screen.c:8199)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229== 
==26229== Invalid write of size 2
==26229==    at 0x582F68: win_update (screen.c:2022)
==26229==    by 0x5803AB: update_screen (screen.c:676)
==26229==    by 0x62AA86: main_loop (main.c:1229)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505ae40 is 8 bytes after a block of size 648 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x50A87D: alloc_clear (misc2.c:832)
==26229==    by 0x5F30D2: win_alloc_lines (window.c:4717)
==26229==    by 0x58F046: screenalloc (screen.c:8199)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229== 
==26229== Invalid read of size 8
==26229==    at 0x512064: curs_rows (move.c:703)
==26229==    by 0x5129A4: curs_columns (move.c:977)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x62AA5C: main_loop (main.c:1224)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505ae38 is 0 bytes after a block of size 648 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x50A87D: alloc_clear (misc2.c:832)
==26229==    by 0x5F30D2: win_alloc_lines (window.c:4717)
==26229==    by 0x58F046: screenalloc (screen.c:8199)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229== 
==26229== Invalid read of size 1
==26229==    at 0x512093: curs_rows (move.c:703)
==26229==    by 0x5129A4: curs_columns (move.c:977)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x62AA5C: main_loop (main.c:1224)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505ae42 is 10 bytes after a block of size 648 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x50A87D: alloc_clear (misc2.c:832)
==26229==    by 0x5F30D2: win_alloc_lines (window.c:4717)
==26229==    by 0x58F046: screenalloc (screen.c:8199)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229== 
==26229== Invalid read of size 8
==26229==    at 0x5120C1: curs_rows (move.c:705)
==26229==    by 0x5129A4: curs_columns (move.c:977)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x62AA5C: main_loop (main.c:1224)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505ae38 is 0 bytes after a block of size 648 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x50A87D: alloc_clear (misc2.c:832)
==26229==    by 0x5F30D2: win_alloc_lines (window.c:4717)
==26229==    by 0x58F046: screenalloc (screen.c:8199)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229== 
==26229== Invalid read of size 8
==26229==    at 0x5121D3: curs_rows (move.c:727)
==26229==    by 0x5129A4: curs_columns (move.c:977)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x62AA5C: main_loop (main.c:1224)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505ae48 is 16 bytes after a block of size 648 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x50A87D: alloc_clear (misc2.c:832)
==26229==    by 0x5F30D2: win_alloc_lines (window.c:4717)
==26229==    by 0x58F046: screenalloc (screen.c:8199)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229== 
==26229== Invalid read of size 2
==26229==    at 0x51221D: curs_rows (move.c:734)
==26229==    by 0x5129A4: curs_columns (move.c:977)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x62AA5C: main_loop (main.c:1224)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505ae40 is 8 bytes after a block of size 648 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x50A87D: alloc_clear (misc2.c:832)
==26229==    by 0x5F30D2: win_alloc_lines (window.c:4717)
==26229==    by 0x58F046: screenalloc (screen.c:8199)
==26229==    by 0x58ECCF: screen_valid (screen.c:8070)
==26229==    by 0x51140E: update_topline (move.c:183)
==26229==    by 0x51297C: curs_columns (move.c:971)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x5F47EB: win_new_height (window.c:5663)
==26229==    by 0x5F51F0: last_status_rec (window.c:5978)
==26229==    by 0x5F5074: last_status (window.c:5930)
==26229== 
==26229== Invalid read of size 1
==26229==    at 0x5123A1: curs_rows (move.c:765)
==26229==    by 0x5129A4: curs_columns (move.c:977)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x62AA5C: main_loop (main.c:1224)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505aed2 is 82 bytes inside a block of size 12,240 free'd
==26229==    at 0x4A063F0: free (vg_replace_malloc.c:446)
==26229==    by 0x50B520: vim_free (misc2.c:1740)
==26229==    by 0x57E808: nfa_regmatch (regexp_nfa.c:6738)
==26229==    by 0x57E8D9: nfa_regtry (regexp_nfa.c:6791)
==26229==    by 0x57EF79: nfa_regexec_both (regexp_nfa.c:6977)
==26229==    by 0x57F2A9: nfa_regexec_nl (regexp_nfa.c:7148)
==26229==    by 0x57F4B4: vim_regexec (regexp.c:8123)
==26229==    by 0x507BB2: unix_expandpath (misc1.c:9904)
==26229==    by 0x54DF01: mch_expandpath (os_unix.c:5623)
==26229==    by 0x508FAF: gen_expand_wildcards (misc1.c:10568)
==26229==    by 0x507331: expand_wildcards (misc1.c:9284)
==26229==    by 0x5072CA: expand_wildcards_eval (misc1.c:9255)
==26229== 
==26229== Invalid read of size 8
==26229==    at 0x5123CB: curs_rows (move.c:766)
==26229==    by 0x5129A4: curs_columns (move.c:977)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x62AA5C: main_loop (main.c:1224)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505aec8 is 72 bytes inside a block of size 12,240 free'd
==26229==    at 0x4A063F0: free (vg_replace_malloc.c:446)
==26229==    by 0x50B520: vim_free (misc2.c:1740)
==26229==    by 0x57E808: nfa_regmatch (regexp_nfa.c:6738)
==26229==    by 0x57E8D9: nfa_regtry (regexp_nfa.c:6791)
==26229==    by 0x57EF79: nfa_regexec_both (regexp_nfa.c:6977)
==26229==    by 0x57F2A9: nfa_regexec_nl (regexp_nfa.c:7148)
==26229==    by 0x57F4B4: vim_regexec (regexp.c:8123)
==26229==    by 0x507BB2: unix_expandpath (misc1.c:9904)
==26229==    by 0x54DF01: mch_expandpath (os_unix.c:5623)
==26229==    by 0x508FAF: gen_expand_wildcards (misc1.c:10568)
==26229==    by 0x507331: expand_wildcards (misc1.c:9284)
==26229==    by 0x5072CA: expand_wildcards_eval (misc1.c:9255)
==26229== 
==26229== Invalid read of size 2
==26229==    at 0x512500: curs_rows (move.c:791)
==26229==    by 0x5129A4: curs_columns (move.c:977)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x62AA5C: main_loop (main.c:1224)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505aed0 is 80 bytes inside a block of size 12,240 free'd
==26229==    at 0x4A063F0: free (vg_replace_malloc.c:446)
==26229==    by 0x50B520: vim_free (misc2.c:1740)
==26229==    by 0x57E808: nfa_regmatch (regexp_nfa.c:6738)
==26229==    by 0x57E8D9: nfa_regtry (regexp_nfa.c:6791)
==26229==    by 0x57EF79: nfa_regexec_both (regexp_nfa.c:6977)
==26229==    by 0x57F2A9: nfa_regexec_nl (regexp_nfa.c:7148)
==26229==    by 0x57F4B4: vim_regexec (regexp.c:8123)
==26229==    by 0x507BB2: unix_expandpath (misc1.c:9904)
==26229==    by 0x54DF01: mch_expandpath (os_unix.c:5623)
==26229==    by 0x508FAF: gen_expand_wildcards (misc1.c:10568)
==26229==    by 0x507331: expand_wildcards (misc1.c:9284)
==26229==    by 0x5072CA: expand_wildcards_eval (misc1.c:9255)
==26229== 
==26229== Invalid read of size 1
==26229==    at 0x512533: curs_rows (move.c:793)
==26229==    by 0x5129A4: curs_columns (move.c:977)
==26229==    by 0x511F62: validate_cursor (move.c:653)
==26229==    by 0x62AA5C: main_loop (main.c:1224)
==26229==    by 0x62A621: main (main.c:1026)
==26229==  Address 0x505aed3 is 83 bytes inside a block of size 12,240 free'd
==26229==    at 0x4A063F0: free (vg_replace_malloc.c:446)
==26229==    by 0x50B520: vim_free (misc2.c:1740)
==26229==    by 0x57E808: nfa_regmatch (regexp_nfa.c:6738)
==26229==    by 0x57E8D9: nfa_regtry (regexp_nfa.c:6791)
==26229==    by 0x57EF79: nfa_regexec_both (regexp_nfa.c:6977)
==26229==    by 0x57F2A9: nfa_regexec_nl (regexp_nfa.c:7148)
==26229==    by 0x57F4B4: vim_regexec (regexp.c:8123)
==26229==    by 0x507BB2: unix_expandpath (misc1.c:9904)
==26229==    by 0x54DF01: mch_expandpath (os_unix.c:5623)
==26229==    by 0x508FAF: gen_expand_wildcards (misc1.c:10568)
==26229==    by 0x507331: expand_wildcards (misc1.c:9284)
==26229==    by 0x5072CA: expand_wildcards_eval (misc1.c:9255)
==26229== 

valgrind: m_mallocfree.c:294 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 59, hi = 17451448556060672.
This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata.  If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away.  Please try that before reporting this as a bug.

==26229==    at 0x38031DA7: report_and_quit (m_libcassert.c:235)
==26229==    by 0x38031FE0: vgPlain_assert_fail (m_libcassert.c:309)
==26229==    by 0x3803EAEF: vgPlain_arena_free (m_mallocfree.c:294)
==26229==    by 0x38003667: create_MC_Chunk (mc_malloc_wrappers.c:165)
==26229==    by 0x38003BE0: vgMemCheck_new_block (mc_malloc_wrappers.c:283)
==26229==    by 0x3800409A: vgMemCheck_malloc (mc_malloc_wrappers.c:301)
==26229==    by 0x3807A58A: vgPlain_scheduler (scheduler.c:1665)
==26229==    by 0x380A5A19: run_a_thread_NORETURN (syswrap-linux.c:103)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x4A06B62: realloc (vg_replace_malloc.c:662)
==26229==    by 0x37BC048BFE: g_realloc (in /lib64/libglib-2.0.so.0.2600.1)
==26229==    by 0x37BC0175DA: ??? (in /lib64/libglib-2.0.so.0.2600.1)
==26229==    by 0x37BC017A96: g_array_append_vals (in /lib64/libglib-2.0.so.0.2600.1)
==26229==    by 0x37C4467DAD: gdk_keymap_get_entries_for_keycode (in /usr/lib64/libgdk-x11-2.0.so.0.2000.1)
==26229==    by 0x37C2D2F631: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.2000.1)
==26229==    by 0x37C2D31EB6: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.2000.1)
==26229==    by 0x51B595: xim_queue_key_press_event (mbyte.c:5229)
==26229==    by 0x602FD2: key_press_event (gui_gtk_x11.c:943)
==26229==    by 0x37C2D519E2: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.2000.1)
==26229==    by 0x37BD00E2FD: g_closure_invoke (in /lib64/libgobject-2.0.so.0.2600.1)
==26229==    by 0x37BD024694: ??? (in /lib64/libgobject-2.0.so.0.2600.1)
==26229==    by 0x37BD02597A: g_signal_emit_valist (in /lib64/libgobject-2.0.so.0.2600.1)
==26229==    by 0x37BD0260F2: g_signal_emit (in /lib64/libgobject-2.0.so.0.2600.1)
==26229==    by 0x37C2E8228E: ??? (in /usr/lib64/libgtk-x11-2.0.so.0.2000.1)
==26229==    by 0x37C2D48813: gtk_propagate_event (in /usr/lib64/libgtk-x11-2.0.so.0.2000.1)
==26229==    by 0x37C2D4990A: gtk_main_do_event (in /usr/lib64/libgtk-x11-2.0.so.0.2000.1)
==26229==    by 0x37C446006B: ??? (in /usr/lib64/libgdk-x11-2.0.so.0.2000.1)
==26229==    by 0x37BC03FEB1: g_main_context_dispatch (in /lib64/libglib-2.0.so.0.2600.1)
==26229==    by 0x37BC043D67: ??? (in /lib64/libglib-2.0.so.0.2600.1)
==26229==    by 0x37BC043F1B: g_main_context_iteration (in /lib64/libglib-2.0.so.0.2600.1)
==26229==    by 0x60A2DB: gui_mch_wait_for_chars (gui_gtk_x11.c:5483)
==26229==    by 0x5F9CDE: gui_wait_for_chars (gui.c:2906)
==26229==    by 0x5E0483: ui_inchar (ui.c:190)
==26229==    by 0x4CEF33: inchar (getchar.c:3082)
==26229==    by 0x4CEB4F: vgetorpeek (getchar.c:2857)
==26229==    by 0x4CCC18: vgetc (getchar.c:1627)
==26229==    by 0x4CD150: safe_vgetc (getchar.c:1832)
==26229==    by 0x51C2FD: normal_cmd (normal.c:638)
==26229==    by 0x62ACC7: main_loop (main.c:1326)
==26229==    by 0x62A621: main (main.c:1026)


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.
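
A triage helper for a Memcheck log like the one above, added here as an example; it is not part of the original message and not Vim or Valgrind code. It parses the "Invalid read/write" records and groups them by faulting function and by the site that allocated or freed the block. The names parse_memcheck, classify, origin_site and triage are illustrative, and the wrapper list is taken from the frames visible in the log.

```python
import re
from collections import Counter

# Trimmed excerpt of the Memcheck log above (stacks shortened to fit).
SAMPLE = """\
==26229== Invalid read of size 4
==26229==    at 0x5914AE: screen_del_lines (screen.c:9526)
==26229==  Address 0x505aa1c is 0 bytes after a block of size 108 alloc'd
==26229==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
==26229==    by 0x50A953: lalloc (misc2.c:921)
==26229==    by 0x58EFD2: screenalloc (screen.c:8190)
==26229==
==26229== Invalid write of size 4
==26229==    at 0x591511: screen_del_lines (screen.c:9529)
==26229==  Address 0x505aa38 is not stack'd, malloc'd or (recently) free'd
==26229==
==26229== Invalid read of size 1
==26229==    at 0x5123A1: curs_rows (move.c:765)
==26229==  Address 0x505aed2 is 82 bytes inside a block of size 12,240 free'd
==26229==    at 0x4A063F0: free (vg_replace_malloc.c:446)
==26229==    by 0x50B520: vim_free (misc2.c:1740)
==26229==    by 0x57E808: nfa_regmatch (regexp_nfa.c:6738)
"""

PREFIX = re.compile(r"^==\d+== ?")
HEAD = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]*)\)$")
ADDR = re.compile(r"^\s*Address 0x[0-9A-Fa-f]+ is (.*)$")
BLOCK = re.compile(r"^(\d+) bytes (after|before|inside) a block of size ([\d,]+) (alloc'd|free'd)$")
# Allocator entry points plus the wrappers that appear in the log's frames.
WRAPPERS = {"malloc", "calloc", "realloc", "free", "lalloc", "alloc_clear", "vim_free"}


def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' record in a Memcheck log."""
    records, cur, frames = [], None, None
    for raw in text.splitlines():
        if not PREFIX.match(raw):
            continue  # mail-wrapped tails and Valgrind core messages
        line = PREFIX.sub("", raw).rstrip()
        head = HEAD.match(line)
        if head:
            cur = {"access": head.group(1), "size": int(head.group(2)),
                   "stack": [], "block": None, "origin": []}
            records.append(cur)
            frames = cur["stack"]
        elif cur is None or not line:
            cur = None  # a bare "==PID==" line ends the current record
        elif ADDR.match(line):
            blk = BLOCK.match(ADDR.match(line).group(1))
            if blk:
                cur["block"] = {"offset": int(blk.group(1)), "relation": blk.group(2),
                                "size": int(blk.group(3).replace(",", "")), "state": blk.group(4)}
            frames = cur["origin"]  # frames that follow say where the block was alloc'd/free'd
        elif FRAME.match(line):
            frames.append(FRAME.match(line).group(1, 2))
    return records


def classify(rec):
    # Memcheck's own attribution; an overrun can also land in a freed neighbour.
    if rec["block"] is None:
        return "unknown-address"  # "not stack'd, malloc'd or (recently) free'd"
    return "use-after-free" if rec["block"]["state"] == "free'd" else "out-of-bounds"


def origin_site(rec):
    """First frame of the alloc/free stack that is not an allocator wrapper."""
    return next((func for func, _ in rec["origin"] if func not in WRAPPERS), None)


def triage(text):
    """Count records per (class, access, faulting function, origin site)."""
    counts = Counter()
    for rec in parse_memcheck(text):
        fault = rec["stack"][0][0] if rec["stack"] else None
        counts[(classify(rec), rec["access"], fault, origin_site(rec))] += 1
    return counts


if __name__ == "__main__":
    for key, n in triage(SAMPLE).most_common():
        print(n, *key)
```

Invalid writes are the entries to read first: Valgrind's own assertion text in the log attributes the later heap-metadata mismatch to writes past the end of a heap block.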
