Scenario:
(1) set a loclist:
call setloclist(0, list)
(2) at some point later replace the list:
call setloclist(0, other_list, 'r')
(3) open the quickfix window
lopen
(4) switch to the quickfix window and press Enter to jump to an error:
.ll
The result is a read from freed memory; Valgrind trace included
below. It's easy to make Vim crash from there, but the stack trace
doesn't reveal any additional information.
Sadly, this is not consistently reproducible. I can trigger it in
syntastic, but I can't seem to get the same result in a simple test
file.
/lcd
==10841== Memcheck, a memory error detector
==10841== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==10841== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==10841== Command: ./vim Ejecta.js
==10841== Parent PID: 4692
==10841==
==10841== Invalid read of size 4
==10841== at 0x814C5BB: qf_jump (quickfix.c:1789)
==10841== by 0x814E8E0: ex_cc (quickfix.c:2996)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x80A5758: do_cmdline_cmd (ex_docmd.c:731)
==10841== by 0x8123D48: nv_down (normal.c:6102)
==10841== by 0x811BD73: normal_cmd (normal.c:1156)
==10841== by 0x81F394B: main_loop (main.c:1326)
==10841== by 0x81F3307: main (main.c:1026)
==10841== Address 0x79110cc is 12 bytes inside a block of size 36 free'd
==10841== at 0x402A17C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10841== by 0x810C402: vim_free (misc2.c:1740)
==10841== by 0x814D1B2: qf_free (quickfix.c:2155)
==10841== by 0x815004E: set_errorlist (quickfix.c:3848)
==10841== by 0x80879E8: set_qf_ll_list (eval.c:16825)
==10841== by 0x8087A4B: f_setloclist (eval.c:16846)
==10841== by 0x807D239: call_func (eval.c:8596)
==10841== by 0x807CD7D: get_func_tv (eval.c:8403)
==10841== by 0x8076B9F: ex_call (eval.c:3487)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x8091F7F: call_user_func (eval.c:23507)
==10841==
==10841== Invalid read of size 1
==10841== at 0x814C5C9: qf_jump (quickfix.c:1791)
==10841== by 0x814E8E0: ex_cc (quickfix.c:2996)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x80A5758: do_cmdline_cmd (ex_docmd.c:731)
==10841== by 0x8123D48: nv_down (normal.c:6102)
==10841== by 0x811BD73: normal_cmd (normal.c:1156)
==10841== by 0x81F394B: main_loop (main.c:1326)
==10841== by 0x81F3307: main (main.c:1026)
==10841== Address 0x79110e2 is 34 bytes inside a block of size 36 free'd
==10841== at 0x402A17C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10841== by 0x810C402: vim_free (misc2.c:1740)
==10841== by 0x814D1B2: qf_free (quickfix.c:2155)
==10841== by 0x815004E: set_errorlist (quickfix.c:3848)
==10841== by 0x80879E8: set_qf_ll_list (eval.c:16825)
==10841== by 0x8087A4B: f_setloclist (eval.c:16846)
==10841== by 0x807D239: call_func (eval.c:8596)
==10841== by 0x807CD7D: get_func_tv (eval.c:8403)
==10841== by 0x8076B9F: ex_call (eval.c:3487)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x8091F7F: call_user_func (eval.c:23507)
==10841==
==10841== Invalid read of size 4
==10841== at 0x814C659: qf_jump (quickfix.c:1806)
==10841== by 0x814E8E0: ex_cc (quickfix.c:2996)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x80A5758: do_cmdline_cmd (ex_docmd.c:731)
==10841== by 0x8123D48: nv_down (normal.c:6102)
==10841== by 0x811BD73: normal_cmd (normal.c:1156)
==10841== by 0x81F394B: main_loop (main.c:1326)
==10841== by 0x81F3307: main (main.c:1026)
==10841== Address 0x79110cc is 12 bytes inside a block of size 36 free'd
==10841== at 0x402A17C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10841== by 0x810C402: vim_free (misc2.c:1740)
==10841== by 0x814D1B2: qf_free (quickfix.c:2155)
==10841== by 0x815004E: set_errorlist (quickfix.c:3848)
==10841== by 0x80879E8: set_qf_ll_list (eval.c:16825)
==10841== by 0x8087A4B: f_setloclist (eval.c:16846)
==10841== by 0x807D239: call_func (eval.c:8596)
==10841== by 0x807CD7D: get_func_tv (eval.c:8403)
==10841== by 0x8076B9F: ex_call (eval.c:3487)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x8091F7F: call_user_func (eval.c:23507)
==10841==
==10841== Invalid read of size 4
==10841== at 0x814C69D: qf_jump (quickfix.c:1816)
==10841== by 0x814E8E0: ex_cc (quickfix.c:2996)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x80A5758: do_cmdline_cmd (ex_docmd.c:731)
==10841== by 0x8123D48: nv_down (normal.c:6102)
==10841== by 0x811BD73: normal_cmd (normal.c:1156)
==10841== by 0x81F394B: main_loop (main.c:1326)
==10841== by 0x81F3307: main (main.c:1026)
==10841== Address 0x79110d8 is 24 bytes inside a block of size 36 free'd
==10841== at 0x402A17C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10841== by 0x810C402: vim_free (misc2.c:1740)
==10841== by 0x814D1B2: qf_free (quickfix.c:2155)
==10841== by 0x815004E: set_errorlist (quickfix.c:3848)
==10841== by 0x80879E8: set_qf_ll_list (eval.c:16825)
==10841== by 0x8087A4B: f_setloclist (eval.c:16846)
==10841== by 0x807D239: call_func (eval.c:8596)
==10841== by 0x807CD7D: get_func_tv (eval.c:8403)
==10841== by 0x8076B9F: ex_call (eval.c:3487)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x8091F7F: call_user_func (eval.c:23507)
==10841==
==10841== Invalid read of size 4
==10841== at 0x814C6AB: qf_jump (quickfix.c:1821)
==10841== by 0x814E8E0: ex_cc (quickfix.c:2996)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x80A5758: do_cmdline_cmd (ex_docmd.c:731)
==10841== by 0x8123D48: nv_down (normal.c:6102)
==10841== by 0x811BD73: normal_cmd (normal.c:1156)
==10841== by 0x81F394B: main_loop (main.c:1326)
==10841== by 0x81F3307: main (main.c:1026)
==10841== Address 0x79110c8 is 8 bytes inside a block of size 36 free'd
==10841== at 0x402A17C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10841== by 0x810C402: vim_free (misc2.c:1740)
==10841== by 0x814D1B2: qf_free (quickfix.c:2155)
==10841== by 0x815004E: set_errorlist (quickfix.c:3848)
==10841== by 0x80879E8: set_qf_ll_list (eval.c:16825)
==10841== by 0x8087A4B: f_setloclist (eval.c:16846)
==10841== by 0x807D239: call_func (eval.c:8596)
==10841== by 0x807CD7D: get_func_tv (eval.c:8403)
==10841== by 0x8076B9F: ex_call (eval.c:3487)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x8091F7F: call_user_func (eval.c:23507)
==10841==
==10841== Invalid read of size 4
==10841== at 0x814C6DB: qf_jump (quickfix.c:1828)
==10841== by 0x814E8E0: ex_cc (quickfix.c:2996)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x80A5758: do_cmdline_cmd (ex_docmd.c:731)
==10841== by 0x8123D48: nv_down (normal.c:6102)
==10841== by 0x811BD73: normal_cmd (normal.c:1156)
==10841== by 0x81F394B: main_loop (main.c:1326)
==10841== by 0x81F3307: main (main.c:1026)
==10841== Address 0x79110d0 is 16 bytes inside a block of size 36 free'd
==10841== at 0x402A17C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10841== by 0x810C402: vim_free (misc2.c:1740)
==10841== by 0x814D1B2: qf_free (quickfix.c:2155)
==10841== by 0x815004E: set_errorlist (quickfix.c:3848)
==10841== by 0x80879E8: set_qf_ll_list (eval.c:16825)
==10841== by 0x8087A4B: f_setloclist (eval.c:16846)
==10841== by 0x807D239: call_func (eval.c:8596)
==10841== by 0x807CD7D: get_func_tv (eval.c:8403)
==10841== by 0x8076B9F: ex_call (eval.c:3487)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x8091F7F: call_user_func (eval.c:23507)
==10841==
==10841== Invalid read of size 4
==10841== at 0x814C6EE: qf_jump (quickfix.c:1830)
==10841== by 0x814E8E0: ex_cc (quickfix.c:2996)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x80A5758: do_cmdline_cmd (ex_docmd.c:731)
==10841== by 0x8123D48: nv_down (normal.c:6102)
==10841== by 0x811BD73: normal_cmd (normal.c:1156)
==10841== by 0x81F394B: main_loop (main.c:1326)
==10841== by 0x81F3307: main (main.c:1026)
==10841== Address 0x79110d0 is 16 bytes inside a block of size 36 free'd
==10841== at 0x402A17C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10841== by 0x810C402: vim_free (misc2.c:1740)
==10841== by 0x814D1B2: qf_free (quickfix.c:2155)
==10841== by 0x815004E: set_errorlist (quickfix.c:3848)
==10841== by 0x80879E8: set_qf_ll_list (eval.c:16825)
==10841== by 0x8087A4B: f_setloclist (eval.c:16846)
==10841== by 0x807D239: call_func (eval.c:8596)
==10841== by 0x807CD7D: get_func_tv (eval.c:8403)
==10841== by 0x8076B9F: ex_call (eval.c:3487)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x8091F7F: call_user_func (eval.c:23507)
==10841==
==10841== Invalid read of size 1
==10841== at 0x814C6F8: qf_jump (quickfix.c:1831)
==10841== by 0x814E8E0: ex_cc (quickfix.c:2996)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x80A5758: do_cmdline_cmd (ex_docmd.c:731)
==10841== by 0x8123D48: nv_down (normal.c:6102)
==10841== by 0x811BD73: normal_cmd (normal.c:1156)
==10841== by 0x81F394B: main_loop (main.c:1326)
==10841== by 0x81F3307: main (main.c:1026)
==10841== Address 0x79110e0 is 32 bytes inside a block of size 36 free'd
==10841== at 0x402A17C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10841== by 0x810C402: vim_free (misc2.c:1740)
==10841== by 0x814D1B2: qf_free (quickfix.c:2155)
==10841== by 0x815004E: set_errorlist (quickfix.c:3848)
==10841== by 0x80879E8: set_qf_ll_list (eval.c:16825)
==10841== by 0x8087A4B: f_setloclist (eval.c:16846)
==10841== by 0x807D239: call_func (eval.c:8596)
==10841== by 0x807CD7D: get_func_tv (eval.c:8403)
==10841== by 0x8076B9F: ex_call (eval.c:3487)
==10841== by 0x80A83B7: do_one_cmd (ex_docmd.c:2701)
==10841== by 0x80A5ECC: do_cmdline (ex_docmd.c:1126)
==10841== by 0x8091F7F: call_user_func (eval.c:23507)
==10841==
==10841==
==10841== HEAP SUMMARY:
==10841== in use at exit: 2,717,034 bytes in 65,496 blocks
==10841== total heap usage: 446,641 allocs, 381,145 frees, 212,361,803 bytes allocated
==10841==
==10841== LEAK SUMMARY:
==10841== definitely lost: 3,456 bytes in 6 blocks
==10841== indirectly lost: 0 bytes in 0 blocks
==10841== possibly lost: 1,170,341 bytes in 31,976 blocks
==10841== still reachable: 1,543,237 bytes in 33,514 blocks
==10841== suppressed: 0 bytes in 0 blocks
==10841== Rerun with --leak-check=full to see details of leaked memory
==10841==
==10841== For counts of detected and suppressed errors, rerun with: -v
==10841== ERROR SUMMARY: 8 errors from 8 contexts (suppressed: 0 from 0)
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
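The Valgrind output above has the classic use-after-free shape: every "Invalid read" lands in qf_jump, and every freed block was released by qf_free, called from set_errorlist while setloclist() replaced the list. One bug shape that produces exactly that pair of stacks is a per-window cursor that caches a raw pointer into the list's entry array and survives the replace. The C model below is an added illustration written for this page, not Vim's code, and it does not claim to be the actual root cause in quickfix.c; the types and functions (qfentry_T, list_replace, setloclist_vuln, jump_vuln, setloclist_safe, jump_safe) and the generation-counter fix are assumptions made here. The vulnerable path is only exercised from main(), so build it with `gcc -fsanitize=address -g` (or run it under valgrind) to see the same kind of report the post shows; the hardened path refuses a stale cursor instead of dereferencing it.

```c
/* Model of a stale per-window cursor turning into a use-after-free when
 * a quickfix/location list is replaced.  Illustrative code, not Vim's.
 * Build: gcc -fsanitize=address -g uaf_model.c -o uaf_model && ./uaf_model */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int lnum; char text[32]; } qfentry_T;   /* one list entry */

typedef struct {
    qfentry_T *entries;   /* heap array; freed and re-created on replace */
    int count;
    unsigned gen;         /* bumped every time entries is re-created */
} qflist_T;

typedef struct {
    qflist_T list;
    qfentry_T *cur;       /* vulnerable: raw pointer into list.entries */
    int cur_idx;          /* hardened: (generation, index) instead of a pointer */
    unsigned cur_gen;
} window_T;

/* Replace the list contents: the free() here plays the role of qf_free()
 * in the report's "free'd" stacks. */
static void list_replace(qflist_T *l, const char *const *lines, int n) {
    free(l->entries);
    l->entries = calloc((size_t)n, sizeof *l->entries);
    for (int i = 0; i < n; i++) {
        l->entries[i].lnum = i + 1;
        snprintf(l->entries[i].text, sizeof l->entries[i].text, "%s", lines[i]);
    }
    l->count = n;
    l->gen++;
}

/* Vulnerable: the cursor is established once and never re-anchored, so a
 * later replace leaves it pointing into the freed block. */
static void setloclist_vuln(window_T *w, const char *const *lines, int n) {
    list_replace(&w->list, lines, n);
    if (w->cur == NULL)
        w->cur = &w->list.entries[0];
}

static qfentry_T *jump_vuln(window_T *w) {
    return w->cur;        /* after a replace this is freed memory (qf_jump's read) */
}

/* Hardened: the cursor records which generation of the list it belongs to
 * and is always re-anchored when the list is set through the API. */
static void setloclist_safe(window_T *w, const char *const *lines, int n) {
    list_replace(&w->list, lines, n);
    w->cur_idx = 0;
    w->cur_gen = w->list.gen;
}

/* Refuses to dereference a cursor whose generation no longer matches the
 * list (replaced behind the window's back) or whose index is out of range. */
static qfentry_T *jump_safe(window_T *w) {
    if (w->cur_gen != w->list.gen || w->cur_idx < 0 || w->cur_idx >= w->list.count)
        return NULL;
    return &w->list.entries[w->cur_idx];
}

int main(void) {
    const char *const a[] = {"first list", "x"};
    const char *const b[] = {"replacement", "y", "z"};

    /* Hardened window: a replace that bypasses setloclist_safe() is detected. */
    window_T s = {0};
    setloclist_safe(&s, a, 2);
    list_replace(&s.list, b, 3);
    printf("safe jump after stale cursor: %s\n",
           jump_safe(&s) ? "entry" : "refused (stale)");
    setloclist_safe(&s, b, 3);
    printf("safe jump after re-anchor: line %d \"%s\"\n",
           jump_safe(&s)->lnum, jump_safe(&s)->text);
    free(s.list.entries);

    /* Vulnerable window, following the report's steps (1), (2) and (4). */
    window_T w = {0};
    setloclist_vuln(&w, a, 2);          /* (1) setloclist(0, list) */
    setloclist_vuln(&w, b, 3);          /* (2) setloclist(0, other_list, 'r') */
    printf("vuln lnum=%d\n", jump_vuln(&w)->lnum);   /* (4) reads freed memory */
    free(w.list.entries);
    return 0;
}
```

The generation check is defence in depth: re-anchoring the cursor in setloclist_safe() fixes the reported path, and the (gen, idx) cursor makes any other code path that frees the entries without updating the window fail closed rather than read freed memory.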