On Thu, Feb 4, 2010 at 8:58 PM, Eric Van Dewoestine wrote:
> I'm able to reliably reproduce the crash with the latest vim sources
> (7.2.356) using the following steps:
> 1. open a file in eclipse using an embedded gvim instance (same issue
> occurs launching an external instance which also communicates back
> to eclipse over the netbeans interface).
> 2. ensure the file has a lot of lines (1500+ is what I've been testing
> 3. pick a random line and attempt to join 2 lines via J. At this point
> gvim almost always crashes with:
> *** glibc detected *** /home/ervandew/vim-env/bin/gvim:
> double free or corruption (fasttop): 0x09724b10 ***

I can reproduce the problem on vim 7.2.356 with pyclewn:

* modify pyclewn code: comment out the lines containing
`setReadOnly` and `stopDocumentListen` in order to receive
`insert` and `remove` netbeans events
* grow the `(clewn)_console` buffer up to 1500 lines or more
* join two lines in the middle of this buffer by hitting 'J'

The corresponding gdb backtrace is below, and the corresponding
valgrind log is attached to this mail.

The valgrind log shows that the invalid free() occurs because of a
recursive call to ml_flush_line() when netbeans is updating the buffer
and gets the cursor position.

Preventing the recursive call fixes the crash.
I have attached the corresponding patch.
Can you check if the patch fixes the problem for you too?

Program received signal SIGABRT, Aborted.
[Switching to Thread -1218942400 (LWP 21448)]
0xb7f0e410 in ?? ()
#0 0xb7f0e410 in ?? ()
#1 0xbfab861c in ?? ()
#2 0x00000006 in ?? ()
#3 0x000053c8 in ?? ()
#4 0xb77d2811 in raise () from /lib/tls/i686/cmov/libc.so.6
#5 0xb77d3fb9 in abort () from /lib/tls/i686/cmov/libc.so.6
#6 0xb7807dfa in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#7 0xb780f68f in mallopt () from /lib/tls/i686/cmov/libc.so.6
#8 0xb780f732 in free () from /lib/tls/i686/cmov/libc.so.6
#9 0x081063ae in vim_free (x=0x83cc0e8) at misc2.c:1647
#10 0x080eb928 in ml_flush_line (buf=0x83c0340) at memline.c:3162
#11 0x080eaf2f in ml_delete (lnum=833, message=1) at memline.c:2772
#12 0x080fb578 in del_lines (nlines=1, undo=0) at misc1.c:2364
#13 0x08129315 in do_join (insert_space=1) at ops.c:4295
#14 0x08128f1d in do_do_join (count=1, insert_space=1) at ops.c:4159
#15 0x081219f1 in nv_join (cap=0xbfab8aac) at normal.c:9093
#16 0x08114ca8 in normal_cmd (oap=0xbfab8b50, toplevel=1) at normal.c:1188
#17 0x080dcfb7 in main_loop (cmdwin=0, noexmode=0) at main.c:1211
#18 0x080dcabb in main (argc=6, argv=0xbfab8d44) at main.c:955
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
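
The re-entrancy described in the message above, as an added example that is not part of the original mail, the attached patch or Vim's source: a simplified C model in which a change listener calls back into the flush routine while it is still running, with and without a guard. All names (`linebuf`, `flush_line`, `listener`, `run_join`) are hypothetical.

```c
/* Simplified model with hypothetical names; not Vim source, not the attached patch. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct linebuf {
    char *line;          /* heap copy of the line being edited */
    int dirty;           /* line not yet written back */
    int entered;         /* set while flush_line() is running */
    int release_calls;   /* how many times a release was attempted */
    void (*on_change)(struct linebuf *, int);
};
/* Frees via b->line and NULLs it, so the model itself stays memory-safe;
 * code freeing through a stale local pointer would double free on call 2. */
static void release_line(struct linebuf *b)
{
    b->release_calls++;
    free(b->line);
    b->line = NULL;
}

static void flush_line(struct linebuf *b, int guard)
{
    int nested = b->entered;
    if (!b->dirty || (guard && nested))
        return;                      /* guard: refuse to run recursively */
    b->entered = 1;
    if (!nested && b->on_change)
        b->on_change(b, guard);      /* listener may call back into us */
    release_line(b);
    if (!nested) { b->dirty = 0; b->entered = 0; }
}

/* Stand-in for a handler that asks for the cursor position, which flushes the line. */
static void listener(struct linebuf *b, int guard) { flush_line(b, guard); }
/* Returns the number of release attempts made for one dirty line. */
int run_join(int guard)
{
    struct linebuf b = { malloc(16), 1, 0, 0, listener };
    if (b.line == NULL) return -1;
    strcpy(b.line, "joined line");
    flush_line(&b, guard);
    return b.release_calls;
}

int main(void)
{
    printf("unguarded: %d release(s), guarded: %d release(s)\n", run_join(0), run_join(1));
    return 0;
}
```

Two release attempts for one line is the condition glibc reports as "double free or corruption" when the second attempt goes through a pointer the outer frame captured before the nested call.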