
Patch 7.0.082

  • Bram Moolenaar
    Message 1 of 9, Sep 3, 2006
      Patch 7.0.082
      Problem: Calling a function that waits for input may cause List and
      Dictionary arguments to be freed by the garbage collector.
      Solution: Keep a list of all arguments to internal functions.
      Files: src/eval.c


      *** ../vim-7.0.081/src/eval.c Sat Sep 2 13:45:01 2006
      --- src/eval.c Sun Sep 3 15:36:10 2006
      ***************
      *** 248,253 ****
      --- 248,264 ----
      };

      /*
      + * Struct used to make a list of all arguments used in internal functions.
      + */
      + typedef struct av_list_item_S av_list_item_T;
      + struct av_list_item_S {
      + av_list_item_T *avl_next;
      + typval_T *avl_argvars;
      + };
      +
      + av_list_item_T *argvars_list = NULL;
      +
      + /*
      * Info used by a ":for" loop.
      */
      typedef struct
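      Review bot: argvars_list is defined at file scope without "static", so the new global gets external linkage although every use in this patch is inside src/eval.c. Declare it as "static av_list_item_T *argvars_list = NULL;" so that no other file can link against or modify the collector's root list.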
      ***************
      *** 6058,6063 ****
      --- 6069,6075 ----
      int i;
      funccall_T *fc;
      int did_free = FALSE;
      + av_list_item_T *av;
      #ifdef FEAT_WINDOWS
      tabpage_T *tp;
      #endif
      ***************
      *** 6094,6099 ****
      --- 6106,6116 ----
      set_ref_in_ht(&fc->l_avars.dv_hashtab, copyID);
      }

      + /* arguments for internal functions */
      + for (av = argvars_list; av != NULL; av = av->avl_next)
      + for (i = 0; av->avl_argvars[i].v_type != VAR_UNKNOWN; ++i)
      + set_ref_in_item(&av->avl_argvars[i], copyID);
      +
      /*
      * 2. Go through the list of dicts and free items without the copyID.
      */
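      Review bot: the inner loop of the added block has no bound other than the VAR_UNKNOWN terminator, so every array reachable from argvars_list must already be terminated whenever the collector runs. State that invariant in the comment, or store the argument count in av_list_item_T and loop on it instead. Braces around the nested "for" would also make the two-level loop easier to read.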
      ***************
      *** 7537,7545 ****
      --- 7554,7574 ----
      error = ERROR_TOOMANY;
      else
      {
      + av_list_item_T av_list_item;
      +
      + /* Add the arguments to the "argvars_list" to avoid the
      + * garbage collector not seeing them. This isn't needed
      + * for user functions, because the arguments are available
      + * in the a: hashtab. */
      + av_list_item.avl_argvars = argvars;
      + av_list_item.avl_next = argvars_list;
      + argvars_list = &av_list_item;
      +
      argvars[argcount].v_type = VAR_UNKNOWN;
      functions[i].f_func(argvars, rettv);
      error = ERROR_NONE;
      +
      + argvars_list = av_list_item.avl_next;
      }
      }
      }
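      Review bot: the item is linked into argvars_list before "argvars[argcount].v_type = VAR_UNKNOWN;" writes the terminator that the marking loop depends on. Move that assignment above the three linking lines so the list never holds an unterminated array. argvars_list also points at a stack variable from here until the restore on the line after the f_func call, so the comment should say that the call has to return normally for the list to stay valid.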
      *** ../vim-7.0.081/src/version.c Sat Sep 2 17:58:36 2006
      --- src/version.c Sun Sep 3 15:35:16 2006
      ***************
      *** 668,669 ****
      --- 668,671 ----
      { /* Add new patch number below this line */
      + /**/
      + 82,
      /**/

      --
      Just think of all the things we haven't thought of yet.

      /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
      /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
      \\\ download, build and distribute -- http://www.A-A-P.org ///
      \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
    • Bram Moolenaar
      Message 2 of 9, Sep 3, 2006
        I wrote:

        > Patch 7.0.082
        > Problem: Calling a function that waits for input may cause List and
        > Dictionary arguments to be freed by the garbage collector.
        > Solution: Keep a list of all arguments to internal functions.
        > Files: src/eval.c

        I vaguely recall that some people were having unreproducible crashes
        when using input() or inputlist(). This patch should solve that.

        What happened was that the garbage collector didn't see the arguments to
        internal functions, thus would free List and Dict arguments that are
        still in use. That leads to a double free later. The garbage collector
        only does its work when the user doesn't type for a little while, that
        made it unpredictable when it would happen.

        --
        Even got a Datapoint 3600(?) with a DD50 connector instead of the
        usual DB25... what a nightmare trying to figure out the pinout
        for *that* with no spex...

        /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
        /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
        \\\ download, build and distribute -- http://www.A-A-P.org ///
        \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
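
The failure described in the message above, as an added example that is not Vim source and not part of the original thread: a toy mark-and-sweep collector whose only roots are a linked list of argument arrays. All names (`pool`, `roots`, `call_builtin`, and so on) are hypothetical, and a fixed pool replaces the heap so that the reclaimed object can be inspected safely.

```c
#include <stdio.h>

/* Constructed toy model, not Vim source. A fixed pool stands in for the heap
 * so a reclaimed object can be inspected without touching freed memory. */
#define POOL_SIZE 4
typedef struct { int in_use; int copy_id; int value; } obj_T;
static obj_T pool[POOL_SIZE];

/* Root list of in-flight argument arrays (hypothetical names, shaped like
 * the patch's argvars_list). Each array is NULL-terminated. */
typedef struct root_S root_T;
struct root_S { root_T *next; obj_T **args; };
static root_T *roots = NULL;

static obj_T *obj_alloc(int value)
{
    int i;
    for (i = 0; i < POOL_SIZE; ++i)
        if (!pool[i].in_use) {
            pool[i] = (obj_T){ 1, 0, value };
            return &pool[i];
        }
    return NULL;
}

/* Mark everything reachable from the root list, then sweep the rest.
 * Returns the number of objects reclaimed. */
static int gc_collect(int copy_id)
{
    root_T *r;
    int i, freed = 0;
    for (r = roots; r != NULL; r = r->next)
        for (i = 0; r->args[i] != NULL; ++i)
            r->args[i]->copy_id = copy_id;
    for (i = 0; i < POOL_SIZE; ++i)
        if (pool[i].in_use && pool[i].copy_id != copy_id) {
            pool[i].in_use = 0;
            ++freed;
        }
    return freed;
}

/* Stand-in for input(): while it waits, the idle-time collector runs.
 * Returns 1 if its argument is still alive afterwards, 0 if it was swept. */
static int builtin_waits_for_input(obj_T **args)
{
    static int last_copy_id = 0;
    gc_collect(++last_copy_id);
    return args[0]->in_use;
}

/* Call the builtin with a temporary that only the args[] array references. */
static int call_builtin(int register_args)
{
    obj_T *args[2];
    root_T item;
    int alive;
    args[0] = obj_alloc(42);
    args[1] = NULL;                         /* terminate before linking */
    if (args[0] == NULL) return -1;
    if (register_args) { item.args = args; item.next = roots; roots = &item; }
    alive = builtin_waits_for_input(args);
    if (register_args) roots = item.next;   /* unlink before item goes away */
    if (alive) args[0]->in_use = 0;         /* caller releases the temporary */
    return alive;
}

int main(void)
{
    printf("unregistered: alive=%d\n", call_builtin(0));
    printf("registered:   alive=%d\n", call_builtin(1));
    return 0;
}
```

Without registration the argument is swept while the callee still holds a pointer to it, which in a real allocator is the use-after-free and later double free the message describes.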
      • Hari Krishna Dara
        Message 3 of 9, Sep 4, 2006
          On Sun, 3 Sep 2006 at 4:48pm, Bram Moolenaar wrote:

          >
          > I wrote:
          >
          > > Patch 7.0.082
          > > Problem: Calling a function that waits for input may cause List and
          > > Dictionary arguments to be freed by the garbage collector.
          > > Solution: Keep a list of all arguments to internal functions.
          > > Files: src/eval.c
          >
          > I vaguely recall that some people were having unreproducible crashes
          > when using input() or inputlist(). This patch should solve that.
          >
          > What happened was that the garbage collector didn't see the arguments to
          > internal functions, thus would free List and Dict arguments that are
          > still in use. That leads to a double free later. The garbage collector
          > only does its work when the user doesn't type for a little while, that
          > made it unpredictable when it would happen.

          Can this happen during the debug session also? Like, when you do >echo
          on lists? I am seeing that while debugging scripts that use Lists for
          some time, Vim almost always crashes. Sometimes, I also start seeing
          internal errors related to List access (sorry, I didn't note down the
          numbers) before it crashes.

          If there is a debug version of win32 GUI vim available somewhere for
          download, I can use it for my debug sessions to get any additional
          information the next time a crash happens.

          --
          Thanks,
          Hari

        • Bram Moolenaar
          Message 4 of 9, Sep 4, 2006
            Hari Krishna Dara wrote:

            > > I wrote:
            > >
            > > > Patch 7.0.082
            > > > Problem: Calling a function that waits for input may cause List and
            > > > Dictionary arguments to be freed by the garbage collector.
            > > > Solution: Keep a list of all arguments to internal functions.
            > > > Files: src/eval.c
            > >
            > > I vaguely recall that some people were having unreproducible crashes
            > > when using input() or inputlist(). This patch should solve that.
            > >
            > > What happened was that the garbage collector didn't see the arguments to
            > > internal functions, thus would free List and Dict arguments that are
            > > still in use. That leads to a double free later. The garbage collector
            > > only does its work when the user doesn't type for a little while, that
            > > made it unpredictable when it would happen.
            >
            > Can this happen during the debug session also? Like, when you do >echo
            > on lists? I am seeing that while debugging scripts that use Lists for
            > some time, Vim almost always crashes. Sometimes, I also start seeing
            > internal errors related to List access (sorry, I didn't note down the
            > numbers) before it crashes.

            Yes, this could also happen in debug mode. If you don't type something
            for 'updatetime' seconds the garbage collector is invoked.

            But the fix is only for when you pass a List or Dictionary to an
            internal function. User functions were already OK.

            Hmm, now that I think of it you could get problems with a command like
            this:

            :echo [1, 2, 3, ..., 2000]

            If you get the "more" prompt the garbage collector might delete the list
            before it's completely echoed. I'll look into that.

            --
            Not too long ago, a program was something you watched on TV...

            /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
            /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
            \\\ download, build and distribute -- http://www.A-A-P.org ///
            \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
          • Hari Krishna Dara
            Message 5 of 9, Sep 5, 2006
              On Mon, 4 Sep 2006 at 9:50pm, Bram Moolenaar wrote:

              >
              > Hari Krishna Dara wrote:
              >
              > > > I wrote:
              > > >
              > > > > Patch 7.0.082
              > > > > Problem: Calling a function that waits for input may cause List and
              > > > > Dictionary arguments to be freed by the garbage collector.
              > > > > Solution: Keep a list of all arguments to internal functions.
              > > > > Files: src/eval.c
              > > >
              > > > I vaguely recall that some people were having unreproducible crashes
              > > > when using input() or inputlist(). This patch should solve that.
              > > >
              > > > What happened was that the garbage collector didn't see the arguments to
              > > > internal functions, thus would free List and Dict arguments that are
              > > > still in use. That leads to a double free later. The garbage collector
              > > > only does its work when the user doesn't type for a little while, that
              > > > made it unpredictable when it would happen.
              > >
              > > Can this happen during the debug session also? Like, when you do >echo
              > > on lists? I am seeing that while debugging scripts that use Lists for
              > > some time, Vim almost always crashes. Sometimes, I also start seeing
              > > internal errors related to List access (sorry, I didn't note down the
              > > numbers) before it crashes.
              >
              > Yes, this could also happen in debug mode. If you don't type something
              > for 'updatetime' seconds the garbage collector is invoked.
              >
              > But the fix is only for when you pass a List or Dictionary to an
              > internal function. User functions were already OK.
              >
              > Hmm, now that I think of it you could get problems with a command like
              > this:
              >
              > :echo [1, 2, 3, ..., 2000]
              >
              > If you get the "more" prompt the garbage collector might delete the list
              > before it's completely echoed. I'll look into that.
              >

              This is probably what I was doing during the debugging. I will try to
              notice if an :echo on a list in a long running debug session is what is
              causing the crash.

              --
              Thanks,
              Hari

            • Hari Krishna Dara
              Message 6 of 9, Sep 8, 2006
                On Tue, 5 Sep 2006 at 5:19pm, Hari Krishna Dara wrote:

                >
                > On Mon, 4 Sep 2006 at 9:50pm, Bram Moolenaar wrote:
                >
                > >
                > > Hari Krishna Dara wrote:
                > >
                > > > > I wrote:
                > > > >
                > > > > > Patch 7.0.082
                > > > > > Problem: Calling a function that waits for input may cause List and
                > > > > > Dictionary arguments to be freed by the garbage collector.
                > > > > > Solution: Keep a list of all arguments to internal functions.
                > > > > > Files: src/eval.c
                > > > >
                > > > > I vaguely recall that some people were having unreproducible crashes
                > > > > when using input() or inputlist(). This patch should solve that.
                > > > >
                > > > > What happened was that the garbage collector didn't see the arguments to
                > > > > internal functions, thus would free List and Dict arguments that are
                > > > > still in use. That leads to a double free later. The garbage collector
                > > > > only does its work when the user doesn't type for a little while, that
                > > > > made it unpredictable when it would happen.
                > > >
                > > > Can this happen during the debug session also? Like, when you do >echo
                > > > on lists? I am seeing that while debugging scripts that use Lists for
                > > > some time, Vim almost always crashes. Sometimes, I also start seeing
                > > > internal errors related to List access (sorry, I didn't note down the
                > > > numbers) before it crashes.
                > >
                > > Yes, this could also happen in debug mode. If you don't type something
                > > for 'updatetime' seconds the garbage collector is invoked.
                > >
                > > But the fix is only for when you pass a List or Dictionary to an
                > > internal function. User functions were already OK.
                > >
                > > Hmm, now that I think of it you could get problems with a command like
                > > this:
                > >
                > > :echo [1, 2, 3, ..., 2000]
                > >
                > > If you get the "more" prompt the garbage collector might delete the list
                > > before it's completely echoed. I'll look into that.
                > >
                >
                > This is probably what I was doing during the debugging. I will try to
                > notice if an :echo on a list in a long running debug session is what is
                > causing the crash.

                I hit the error while debugging again. I did an echo on a list and did a
                >quit after a few seconds. Instead of debug session aborting
                immediately, I got this below error:

                E685: Internal error: clear_tv()

                And it continued executing after that with several errors all seem to be
                because of corrupted list. The list that I echoed is no longer treated
                as a List type and function calls such as sort() that I had after that
                resulted in errors. A subsequent >quit worked and aborted the debug
                session. If I had continued executing debug commands, I am pretty sure
                that it would have resulted in a Vim crash.

                --
                Thanks,
                Hari

              • Bram Moolenaar
                Message 7 of 9, Sep 8, 2006
                  Hari Krishna Dara wrote:

                  > > > Hmm, now that I think of it you could get problems with a command like
                  > > > this:
                  > > >
                  > > > :echo [1, 2, 3, ..., 2000]
                  > > >
                  > > > If you get the "more" prompt the garbage collector might delete the list
                  > > > before it's completely echoed. I'll look into that.
                  > >
                  > > This is probably what I was doing during the debugging. I will try to
                  > > notice if an :echo on a list in a long running debug session is what is
                  > > causing the crash.
                  >
                  > I hit the error while debugging again. I did an echo on a list and did a
                  > quit after a few seconds. Instead of debug session aborting
                  > immediately, I got this below error:
                  >
                  > E685: Internal error: clear_tv()
                  >
                  > And it continued executing after that with several errors all seem to be
                  > because of corrupted list. The list that I echoed is no longer treated
                  > as a List type and function calls such as sort() that I had after that
                  > resulted in errors. A subsequent >quit worked and aborted the debug
                  > session. If I had continued executing debug commands, I am pretty sure
                  > that it would have resulted in a Vim crash.

                  Hopefully this happened before applying patch 7.0.084 !?

                  --
                  ARTHUR: Shut up! Will you shut up!
                  DENNIS: Ah, now we see the violence inherent in the system.
                  ARTHUR: Shut up!
                  DENNIS: Oh! Come and see the violence inherent in the system!
                  HELP! HELP! I'm being repressed!
                  The Quest for the Holy Grail (Monty Python)

                  /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
                  /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
                  \\\ download, build and distribute -- http://www.A-A-P.org ///
                  \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
                • Hari Krishna Dara
                  Message 8 of 9, Sep 8, 2006
                    On Fri, 8 Sep 2006 at 11:11pm, Bram Moolenaar wrote:

                    >
                    > Hari Krishna Dara wrote:
                    >
                    > > > > Hmm, now that I think of it you could get problems with a command like
                    > > > > this:
                    > > > >
                    > > > > :echo [1, 2, 3, ..., 2000]
                    > > > >
                    > > > > If you get the "more" prompt the garbage collector might delete the list
                    > > > > before it's completely echoed. I'll look into that.
                    > > >
                    > > > This is probably what I was doing during the debugging. I will try to
                    > > > notice if an :echo on a list in a long running debug session is what is
                    > > > causing the crash.
                    > >
                    > > I hit the error while debugging again. I did an echo on a list and did a
                    > > quit after a few seconds. Instead of debug session aborting
                    > > immediately, I got this below error:
                    > >
                    > > E685: Internal error: clear_tv()
                    > >
                    > > And it continued executing after that with several errors all seem to be
                    > > because of corrupted list. The list that I echoed is no longer treated
                    > > as a List type and function calls such as sort() that I had after that
                    > > resulted in errors. A subsequent >quit worked and aborted the debug
                    > > session. If I had continued executing debug commands, I am pretty sure
                    > > that it would have resulted in a Vim crash.
                    >
                    > Hopefully this happened before applying patch 7.0.084 !?
                    >

                    Yes, sorry, I intended to mention that and forgot. But I thought you are
                    still going to look at more cases that might cause the bug that you were
                    originally trying to patch. Do you think this patch already covers the
                    cases that might arise during debugging as well?

                    --
                    Thanks,
                    Hari

                  • Bram Moolenaar
                    Message 9 of 9, Sep 9, 2006
                      Hari Krishna Dara wrote:

                      > > > I hit the error while debugging again. I did an echo on a list and did a
                      > > > quit after a few seconds. Instead of debug session aborting
                      > > > immediately, I got this below error:
                      > > >
                      > > > E685: Internal error: clear_tv()
                      > > >
                      > > > And it continued executing after that with several errors all seem to be
                      > > > because of corrupted list. The list that I echoed is no longer treated
                      > > > as a List type and function calls such as sort() that I had after that
                      > > > resulted in errors. A subsequent >quit worked and aborted the debug
                      > > > session. If I had continued executing debug commands, I am pretty sure
                      > > > that it would have resulted in a Vim crash.
                      > >
                      > > Hopefully this happened before applying patch 7.0.084 !?
                      >
                      > Yes, sorry, I intended to mention that and forgot. But I thought you are
                      > still going to look at more cases that might cause the bug that you were
                      > originally trying to patch. Do you think this patch already covers the
                      > cases that might arise during debugging as well?

                      Patch 7.0.084 will fix all these problems. It actually looks like it
                      makes 7.0.082 obsolete, I'll remove the list of internal function
                      arguments again.

                      --
                      ARTHUR: What?
                      BLACK KNIGHT: None shall pass.
                      ARTHUR: I have no quarrel with you, good Sir knight, but I must cross
                      this bridge.
                      BLACK KNIGHT: Then you shall die.
                      The Quest for the Holy Grail (Monty Python)

                      /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
                      /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
                      \\\ download, build and distribute -- http://www.A-A-P.org ///
                      \\\ help me help AIDS victims -- http://ICCF-Holland.org ///