Hi

Valgrind reports errors when running test63 with vim-7.4.333:

==15791== Memcheck, a memory error detector
==15791== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==15791== Using Valgrind-3.9.0.SVN and LibVEX; rerun with -h for copyright info
==15791== Command: ../vim -u unix.vim -U NONE --noplugin -s dotest.in test63.in
==15791== Parent PID: 15790
==15791==
==15791== Conditional jump or move depends on uninitialised value(s)
==15791==    at 0x56C366: next_search_hl (screen.c:7464)
==15791==    by 0x56431D: win_line (screen.c:3448)
==15791==    by 0x560E66: win_update (screen.c:2000)
==15791==    by 0x55E4F4: update_screen (screen.c:677)
==15791==    by 0x5FB03D: main_loop (main.c:1229)
==15791==    by 0x5FABA8: main (main.c:1026)
==15791==  Uninitialised value was created by a stack allocation
==15791==    at 0x56C0B0: next_search_hl (screen.c:7367)
==15791==
==15791== Conditional jump or move depends on uninitialised value(s)
==15791==    at 0x56C424: next_search_hl_pos (screen.c:7493)
==15791==    by 0x56C35A: next_search_hl (screen.c:7462)
==15791==    by 0x56431D: win_line (screen.c:3448)
==15791==    by 0x560E66: win_update (screen.c:2000)
==15791==    by 0x55E4F4: update_screen (screen.c:677)
==15791==    by 0x5FB03D: main_loop (main.c:1229)
==15791==    by 0x5FABA8: main (main.c:1026)
==15791==  Uninitialised value was created by a heap allocation
==15791==    at 0x4C2A45D: malloc (vg_replace_malloc.c:291)
==15791==    by 0x4E8367: lalloc (misc2.c:921)
==15791==    by 0x4E8275: alloc (misc2.c:820)
==15791==    by 0x5DAB31: match_add (window.c:6812)
==15791==    by 0x482962: ex_match (ex_docmd.c:11492)
==15791==    by 0x47394B: do_one_cmd (ex_docmd.c:2701)
==15791==    by 0x470E70: do_cmdline (ex_docmd.c:1126)
==15791==    by 0x50267C: nv_colon (normal.c:5308)
==15791==    by 0x4FB183: normal_cmd (normal.c:1156)
==15791==    by 0x5FB29C: main_loop (main.c:1326)
==15791==    by 0x5FABA8: main (main.c:1026)
==15791==
==15791== Conditional jump or move depends on uninitialised value(s)
==15791==    at 0x5DB0A7: match_delete (window.c:6981)
==15791==    by 0x482764: ex_match (ex_docmd.c:11457)
==15791==    by 0x47394B: do_one_cmd (ex_docmd.c:2701)
==15791==    by 0x470E70: do_cmdline (ex_docmd.c:1126)
==15791==    by 0x50267C: nv_colon (normal.c:5308)
==15791==    by 0x4FB183: normal_cmd (normal.c:1156)
==15791==    by 0x5FB29C: main_loop (main.c:1326)
==15791==    by 0x5FABA8: main (main.c:1026)
==15791==  Uninitialised value was created by a heap allocation
==15791==    at 0x4C2A45D: malloc (vg_replace_malloc.c:291)
==15791==    by 0x4E8367: lalloc (misc2.c:921)
==15791==    by 0x4E8275: alloc (misc2.c:820)
==15791==    by 0x5DAB31: match_add (window.c:6812)
==15791==    by 0x482962: ex_match (ex_docmd.c:11492)
==15791==    by 0x47394B: do_one_cmd (ex_docmd.c:2701)
==15791==    by 0x470E70: do_cmdline (ex_docmd.c:1126)
==15791==    by 0x50267C: nv_colon (normal.c:5308)
==15791==    by 0x4FB183: normal_cmd (normal.c:1156)
==15791==    by 0x5FB29C: main_loop (main.c:1326)
==15791==    by 0x5FABA8: main (main.c:1026)
==15791==
==15791== Conditional jump or move depends on uninitialised value(s)
==15791==    at 0x5DB0A7: match_delete (window.c:6981)
==15791==    by 0x4485A5: f_matchdelete (eval.c:14443)
==15791==    by 0x43FA2D: call_func (eval.c:8596)
==15791==    by 0x43F465: get_func_tv (eval.c:8403)
==15791==    by 0x437DA1: ex_call (eval.c:3487)
==15791==    by 0x47394B: do_one_cmd (ex_docmd.c:2701)
==15791==    by 0x470E70: do_cmdline (ex_docmd.c:1126)
==15791==    by 0x50267C: nv_colon (normal.c:5308)
==15791==    by 0x4FB183: normal_cmd (normal.c:1156)
==15791==    by 0x5FB29C: main_loop (main.c:1326)
==15791==    by 0x5FABA8: main (main.c:1026)
==15791==  Uninitialised value was created by a heap allocation
==15791==    at 0x4C2A45D: malloc (vg_replace_malloc.c:291)
==15791==    by 0x4E8367: lalloc (misc2.c:921)
==15791==    by 0x4E8275: alloc (misc2.c:820)
==15791==    by 0x5DAB31: match_add (window.c:6812)
==15791==    by 0x4482FB: f_matchadd (eval.c:14347)
==15791==    by 0x43FA2D: call_func (eval.c:8596)
==15791==    by 0x43F465: get_func_tv (eval.c:8403)
==15791==    by 0x43AC2D: eval7 (eval.c:5181)
==15791==    by 0x43A4DD: eval6 (eval.c:4832)
==15791==    by 0x43A011: eval5 (eval.c:4648)
==15791==    by 0x439325: eval4 (eval.c:4341)
==15791==    by 0x439168: eval3 (eval.c:4253)
==15791==    by 0x438FE7: eval2 (eval.c:4182)
==15791==    by 0x438E26: eval1 (eval.c:4107)
==15791==    by 0x438D85: eval0 (eval.c:4064)
==15791==
==15791== Conditional jump or move depends on uninitialised value(s)
==15791==    at 0x5DAC8E: match_add (window.c:6854)
==15791==    by 0x44846C: f_matchaddpos (eval.c:14398)
==15791==    by 0x43FA2D: call_func (eval.c:8596)
==15791==    by 0x43F465: get_func_tv (eval.c:8403)
==15791==    by 0x437DA1: ex_call (eval.c:3487)
==15791==    by 0x47394B: do_one_cmd (ex_docmd.c:2701)
==15791==    by 0x470E70: do_cmdline (ex_docmd.c:1126)
==15791==    by 0x50267C: nv_colon (normal.c:5308)
==15791==    by 0x4FB183: normal_cmd (normal.c:1156)
==15791==    by 0x5FB29C: main_loop (main.c:1326)
==15791==    by 0x5FABA8: main (main.c:1026)
==15791==  Uninitialised value was created by a stack allocation
==15791==    at 0x5DA92B: match_add (window.c:6761)
==15791==
==15791== Conditional jump or move depends on uninitialised value(s)
==15791==    at 0x5DACF3: match_add (window.c:6866)
==15791==    by 0x44846C: f_matchaddpos (eval.c:14398)
==15791==    by 0x43FA2D: call_func (eval.c:8596)
==15791==    by 0x43F465: get_func_tv (eval.c:8403)
==15791==    by 0x437DA1: ex_call (eval.c:3487)
==15791==    by 0x47394B: do_one_cmd (ex_docmd.c:2701)
==15791==    by 0x470E70: do_cmdline (ex_docmd.c:1126)
==15791==    by 0x50267C: nv_colon (normal.c:5308)
==15791==    by 0x4FB183: normal_cmd (normal.c:1156)
==15791==    by 0x5FB29C: main_loop (main.c:1326)
==15791==    by 0x5FABA8: main (main.c:1026)
==15791==  Uninitialised value was created by a stack allocation
==15791==    at 0x5DA92B: match_add (window.c:6761)
==15791==
==15791== Conditional jump or move depends on uninitialised value(s)
==15791==    at 0x5DAD2C: match_add (window.c:6872)
==15791==    by 0x44846C: f_matchaddpos (eval.c:14398)
==15791==    by 0x43FA2D: call_func (eval.c:8596)
==15791==    by 0x43F465: get_func_tv (eval.c:8403)
==15791==    by 0x437DA1: ex_call (eval.c:3487)
==15791==    by 0x47394B: do_one_cmd (ex_docmd.c:2701)
==15791==    by 0x470E70: do_cmdline (ex_docmd.c:1126)
==15791==    by 0x50267C: nv_colon (normal.c:5308)
==15791==    by 0x4FB183: normal_cmd (normal.c:1156)
==15791==    by 0x5FB29C: main_loop (main.c:1326)
==15791==    by 0x5FABA8: main (main.c:1026)
==15791==  Uninitialised value was created by a stack allocation
==15791==    at 0x5DA92B: match_add (window.c:6761)
==15791==

Compiling with gcc -O2, I also get this compilation warning
which also points to the same bug:

screen.c:7471:3: warning: 'nmatched' may be used uninitialized in this
function [-Wmaybe-uninitialized]

Bug is introduced in vim-7.4.330.

The attached patch fixes it, but I don't understand this
code well enough to tell whether it's correct, so please
review it. The patch also fixes a typo in :help matchaddpos().

Regards
Dominique

diff -r 6973f595e1e9 runtime/doc/eval.txt
--- a/runtime/doc/eval.txt	Tue Jun 17 23:18:01 2014 +0200
+++ b/runtime/doc/eval.txt	Tue Jun 17 23:23:41 2014 +0200
@@ -4391,7 +4391,7 @@
 		required, for example to highlight matching parentheses.
 
 		The list {pos} can contain one of these items:
-		- A number.  This while line will be highlighted.  The first
+		- A number.  This whole line will be highlighted.  The first
 		  line has number 1.
 		- A list with one number, e.g., [23]. The whole line with this
 		  number will be highlighted.
diff -r 6973f595e1e9 src/screen.c
--- a/src/screen.c	Tue Jun 17 23:18:01 2014 +0200
+++ b/src/screen.c	Tue Jun 17 23:23:41 2014 +0200
@@ -7363,7 +7363,7 @@
     match_T	    *shl;	/* points to search_hl or a match */
     linenr_T	    lnum;
     colnr_T	    mincol;	/* minimal column for a match */
-    matchitem_T	    *cur;	/* to retrieve match postions if any */
+    matchitem_T	    *cur;	/* to retrieve match positions if any */
 {
     linenr_T	l;
     colnr_T	matchcol;
@@ -7461,6 +7461,8 @@
 	{
 	    nmatched = next_search_hl_pos(shl, lnum, &(cur->pos), matchcol);
 	}
+	else
+	    nmatched = 0;
 	if (nmatched == 0)
 	{
 	    shl->lnum = 0;		/* no match found */
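Review bot: The new `else` branch carries no comment saying when it is reached, and the conditions of the preceding `if`/`else if` lie outside this hunk, so a reader cannot tell which state it covers. Setting `nmatched = 0` sends that state into the existing "no match found" handling, which looks like the safe default, but it is worth saying so next to the assignment, e.g. `/* nothing to search with: treat as no match */` (wording to be confirmed against the conditions above). Because `nmatched` is read immediately after the chain, initialising it at its declaration instead would also keep a branch added later from reintroducing the uninitialised read that Valgrind and `-Wmaybe-uninitialized` reported.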
diff -r 6973f595e1e9 src/window.c
--- a/src/window.c	Tue Jun 17 23:18:01 2014 +0200
+++ b/src/window.c	Tue Jun 17 23:23:41 2014 +0200
@@ -6809,7 +6809,7 @@
     }
 
     /* Build new match. */
-    m = (matchitem_T *)alloc(sizeof(matchitem_T));
+    m = (matchitem_T *)alloc_clear(sizeof(matchitem_T));
     m->id = id;
     m->priority = prio;
     m->pattern = pat == NULL ? NULL : vim_strsave(pat);
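Review bot: `m` is dereferenced on the line right after the allocation (`m->id = id;`) with no NULL check visible in this hunk, and switching to `alloc_clear()` does not change that, since like `alloc()` it returns NULL when memory cannot be obtained. A guard such as `if (m == NULL)` followed by the function's error return should sit between the allocation and the first field write; anything acquired earlier in match_add, whose body starts outside the hunk, would need releasing on that path. The `/* Build new match. */` comment could also state that the struct is zero-filled on purpose, because the Valgrind reports at match_delete and next_search_hl_pos trace uninitialised fields back to this allocation, and a later switch back to `alloc()` would silently bring them back.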
@@ -6835,7 +6835,7 @@
 	    int		len = 1;
 	    list_T	*subl;
 	    listitem_T	*subli;
-	    int		error;
+	    int		error = FALSE;
 
 	    if (li == NULL)
 	    {
