On So, 09 Jul 2017, Christian Brabandt wrote:
>
> Oh and POC3 creates this backtrace:
> #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> #1 0x00007ffff426a3fa in __GI_abort () at abort.c:89
> #2 0x00007ffff42a6bd0 in __libc_message (do_abort=do_abort@entry=2,
> fmt=fmt@entry=0x7ffff439bdd0 "*** Error in `%s': %s: 0x%s ***\n") at
> ../sysdeps/posix/libc_fatal.c:175
> #3 0x00007ffff42acf96 in malloc_printerr (action=3, str=0x7ffff439896a
> "free(): invalid pointer", ptr=<optimized out>, ar_ptr=<optimized out>) at
> malloc.c:5049
> #4 0x00007ffff42ad7de in _int_free (av=0x7ffff45cfb00 <main_arena>,
> p=0x555555a8cf28, have_lock=0) at malloc.c:3905
> #5 0x000055555566eed2 in vim_free (x=0x555555a8cf38) at misc2.c:1793
> #6 0x0000555555734679 in reset_synblock (wp=0x555555a89b00) at syntax.c:3659
> #7 0x000055555559183e in set_curbuf (buf=0x555555a8b7e0, action=0) at
> buffer.c:1694
> #8 0x00005555555916f0 in do_buffer (action=0, start=1, dir=1, count=1,
> forceit=0) at buffer.c:1631
> #9 0x00005555555907e9 in goto_buffer (eap=0x7fffffffc290, start=1, dir=1,
> count=1) at buffer.c:985
> #10 0x00005555555fc44d in ex_buffer (eap=0x7fffffffc290) at ex_docmd.c:5604
> #11 0x00005555555f755b in do_one_cmd (cmdlinep=0x7fffffffc938, sourcing=1,
> cstack=0x7fffffffc490, fgetline=0x555555629e27 <getnextac>,
> cookie=0x7fffffffca70) at ex_docmd.c:2951
> #12 0x00005555555f4076 in do_cmdline (cmdline=0x0, fgetline=0x555555629e27
> <getnextac>, cookie=0x7fffffffca70, flags=7) at ex_docmd.c:1089
> #13 0x000055555562989d in apply_autocmds_group (event=EVENT_BUFADD,
> fname=0x555555a98050 "/home/chrisbra/code/git/vim-src/src/afile",
> fname_io=0x0, force=0, group=-3, buf=0x555555aaa570, eap=0x0) at fileio.c:9645
> #14 0x0000555555628fde in apply_autocmds (event=EVENT_BUFADD, fname=0x0,
> fname_io=0x0, force=0, buf=0x555555aaa570) at fileio.c:9189
> #15 0x000055555559a248 in set_buflisted (on=1) at buffer.c:6083
> #16 0x00005555555e23dd in do_ecmd (fnum=0, ffname=0x555555aa99d0
> "/home/chrisbra/code/git/vim-src/src/afile", sfname=0x555555a9eff0 "afile",
> eap=0x7fffffffcea0, newlnum=1, flags=0, oldwin=0x555555a89b00)
> at ex_cmds.c:4038
> #17 0x00005555555ef0b7 in do_argfile (eap=0x7fffffffcea0, argn=0) at
> ex_cmds2.c:2756
> #18 0x00005555555ef1ae in ex_next (eap=0x7fffffffcea0) at ex_cmds2.c:2793
> #19 0x00005555555f755b in do_one_cmd (cmdlinep=0x7fffffffd548, sourcing=1,
> cstack=0x7fffffffd0a0, fgetline=0x5555555f2233 <getsourceline>,
> cookie=0x7fffffffd6e0) at ex_docmd.c:2951
> #20 0x00005555555f4076 in do_cmdline (cmdline=0x555555a9d9e0 "au * * 1b|bd
> s", fgetline=0x5555555f2233 <getsourceline>, cookie=0x7fffffffd6e0, flags=7)
> at ex_docmd.c:1089
> #21 0x00005555555f1e48 in do_source (fname=0x555555a90143 "POC3",
> check_other=0, is_vimrc=0) at ex_cmds2.c:4378
> #22 0x00005555555f1544 in cmd_source (fname=0x555555a90143 "POC3",
> eap=0x7fffffffd930) at ex_cmds2.c:3991
> #23 0x00005555555f148f in ex_source (eap=0x7fffffffd930) at ex_cmds2.c:3966
> #24 0x00005555555f755b in do_one_cmd (cmdlinep=0x7fffffffdfd8, sourcing=1,
> cstack=0x7fffffffdb30, fgetline=0x0, cookie=0x0) at ex_docmd.c:2951
> #25 0x00005555555f4076 in do_cmdline (cmdline=0x555555a90100 "so POC3",
> fgetline=0x0, cookie=0x0, flags=11) at ex_docmd.c:1089
> #26 0x00005555555f3763 in do_cmdline_cmd (cmd=0x555555a90100 "so POC3") at
> ex_docmd.c:689
> #27 0x00005555557c6e3c in exe_commands (parmp=0x555555a70d80 <params>) at
> main.c:2945
> #28 0x00005555557c3de5 in vim_main2 () at main.c:803
> #29 0x00005555557c3644 in main (argc=9, argv=0x7fffffffe228) at main.c:419
I have analyzed the problem:
curwin->w_s is freed twice:
1) after running closing the current buffer:
#0 buf_freeall (buf=0x555555ab3990, flags=1) at buffer.c:724
#1 0x000055555558ff66 in close_buffer (win=0x0, buf=0x555555ab3990, action=3,
abort_if_last=0) at buffer.c:609
#2 0x00005555555912bf in do_buffer (action=3, start=1, dir=1, count=2,
forceit=0) at buffer.c:1465
#3 0x0000555555590a88 in do_bufdel (command=3, arg=0x555555a9c584 "",
addr_count=1, start_bnr=1, end_bnr=2, forceit=0) at buffer.c:1145
#4 0x00005555555fc3c4 in ex_bunload (eap=0x7fffffffc150) at ex_docmd.c:5583
#5 0x00005555555f755b in do_one_cmd (cmdlinep=0x7fffffffc7f8, sourcing=1,
cstack=0x7fffffffc350, fgetline=0x555555629e27 <getnextac>,
cookie=0x7fffffffc930) at ex_docmd.c:2951
#6 0x00005555555f4076 in do_cmdline (cmdline=0x0, fgetline=0x555555629e27
<getnextac>, cookie=0x7fffffffc930, flags=7) at ex_docmd.c:1089
#7 0x000055555562989d in apply_autocmds_group (event=EVENT_BUFNEW,
fname=0x555555ab35d0 "/home/chrisbra/code/git/vim-src/src/afile", fname_io=0x0,
force=0, group=-3, buf=0x555555ab3990, eap=0x0) at fileio.c:9645
#8 0x0000555555628fde in apply_autocmds (event=EVENT_BUFNEW, fname=0x0,
fname_io=0x0, force=0, buf=0x555555ab3990) at fileio.c:9189
#9 0x0000555555592499 in buflist_new (ffname=0x555555ab2d90
"/home/chrisbra/code/git/vim-src/src/afile", sfname=0x555555aa8ad0 "afile",
lnum=0, flags=2) at buffer.c:2130
#10 0x0000555555594411 in buflist_add (fname=0x555555aa8ad0 "afile", flags=2)
at buffer.c:3294
#11 0x0000555555600905 in alist_add (al=0x555555a741e0 <global_alist>,
fname=0x555555aa8ad0 "afile", set_fnum=1) at ex_docmd.c:8171
#12 0x0000555555600840 in alist_set (al=0x555555a741e0 <global_alist>, count=1,
files=0x555555ab2de0, use_curbuf=0, fnum_list=0x0, fnum_len=0) at
ex_docmd.c:8140
#13 0x00005555555ee760 in do_arglist (str=0x555555aa8505 "afile", what=1,
after=0) at ex_cmds2.c:2487
#14 0x00005555555ef176 in ex_next (eap=0x7fffffffce90) at ex_cmds2.c:2787
#15 0x00005555555f755b in do_one_cmd (cmdlinep=0x7fffffffd538, sourcing=1,
cstack=0x7fffffffd090, fgetline=0x5555555f2233 <getsourceline>,
cookie=0x7fffffffd6d0) at ex_docmd.c:2951
#16 0x00005555555f4076 in do_cmdline (cmdline=0x555555aa83f0 "au * * 1b|bd s",
fgetline=0x5555555f2233 <getsourceline>, cookie=0x7fffffffd6d0, flags=7) at
ex_docmd.c:1089
#17 0x00005555555f1e48 in do_source (fname=0x555555aa4113 "POC3",
check_other=0, is_vimrc=0) at ex_cmds2.c:4378
#18 0x00005555555f1544 in cmd_source (fname=0x555555aa4113 "POC3",
eap=0x7fffffffd920) at ex_cmds2.c:3991
#19 0x00005555555f148f in ex_source (eap=0x7fffffffd920) at ex_cmds2.c:3966
#20 0x00005555555f755b in do_one_cmd (cmdlinep=0x7fffffffdfc8, sourcing=1,
cstack=0x7fffffffdb20, fgetline=0x0, cookie=0x0) at ex_docmd.c:2951
#21 0x00005555555f4076 in do_cmdline (cmdline=0x555555a90f90 "so POC3",
fgetline=0x0, cookie=0x0, flags=11) at ex_docmd.c:1089
#22 0x00005555555f3763 in do_cmdline_cmd (cmd=0x555555a90f90 "so POC3") at
ex_docmd.c:689
#23 0x00005555557c7062 in exe_commands (parmp=0x555555a71d80 <params>) at
main.c:2945
#24 0x00005555557c400b in vim_main2 () at main.c:803
#25 0x00005555557c386a in main (argc=10, argv=0x7fffffffe218) at main.c:419
Then the second time, when calling set_curbuf():
#0 reset_synblock (wp=0x555555a8ab00) at syntax.c:3657
#1 0x00005555555903d0 in buf_freeall (buf=0x555555a8c7e0, flags=1) at
buffer.c:793
#2 0x000055555558ff66 in close_buffer (win=0x555555a8ab00, buf=0x555555a8c7e0,
action=2, abort_if_last=0) at buffer.c:609
#3 0x00005555555e21d0 in do_ecmd (fnum=0, ffname=0x555555aa8c70
"/home/chrisbra/code/git/vim-src/src/afile", sfname=0x555555aa4130 "afile",
eap=0x7fffffffce90, newlnum=1, flags=0, oldwin=0x555555a8ab00)
at ex_cmds.c:3939
#4 0x00005555555ef0b7 in do_argfile (eap=0x7fffffffce90, argn=0) at
ex_cmds2.c:2756
#5 0x00005555555ef1ae in ex_next (eap=0x7fffffffce90) at ex_cmds2.c:2793
#6 0x00005555555f755b in do_one_cmd (cmdlinep=0x7fffffffd538, sourcing=1,
cstack=0x7fffffffd090, fgetline=0x5555555f2233 <getsourceline>,
cookie=0x7fffffffd6d0) at ex_docmd.c:2951
#7 0x00005555555f4076 in do_cmdline (cmdline=0x555555aa83f0 "au * * 1b|bd s",
fgetline=0x5555555f2233 <getsourceline>, cookie=0x7fffffffd6d0, flags=7) at
ex_docmd.c:1089
#8 0x00005555555f1e48 in do_source (fname=0x555555aa4113 "POC3",
check_other=0, is_vimrc=0) at ex_cmds2.c:4378
#9 0x00005555555f1544 in cmd_source (fname=0x555555aa4113 "POC3",
eap=0x7fffffffd920) at ex_cmds2.c:3991
#10 0x00005555555f148f in ex_source (eap=0x7fffffffd920) at ex_cmds2.c:3966
#11 0x00005555555f755b in do_one_cmd (cmdlinep=0x7fffffffdfc8, sourcing=1,
cstack=0x7fffffffdb20, fgetline=0x0, cookie=0x0) at ex_docmd.c:2951
#12 0x00005555555f4076 in do_cmdline (cmdline=0x555555a90f90 "so POC3",
fgetline=0x0, cookie=0x0, flags=11) at ex_docmd.c:1089
#13 0x00005555555f3763 in do_cmdline_cmd (cmd=0x555555a90f90 "so POC3") at
ex_docmd.c:689
#14 0x00005555557c7062 in exe_commands (parmp=0x555555a71d80 <params>) at
main.c:2945
#15 0x00005555557c400b in vim_main2 () at main.c:803
#16 0x00005555557c386a in main (argc=10, argv=0x7fffffffe218) at main.c:419
So at that time, we get a double free and Vim terminates.
Best,
Christian
--
Die Achtung, die ein Mensch verdient, und sein Wert hängen ab von
seinem Mut und seinem Willen: Hierin liegt seine wahre Ehre.
-- Michel Eyquem de Montaigne (Die Essais)
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to vim_dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
