Re: (patch) fix use of freed memory with 'set autochdir' and vim built with -DEXITFREE

Dominique Pelle
Message 1 of 3, Mar 27, 2008
      On Wed, Mar 26, 2008 at 10:15 PM, Bram Moolenaar <Bram@...> wrote:

      > Dominique Pelle wrote:
      >
      > > Valgrind memory checker detects use of freed memory in Vim-7.1.285
      > > when using 'set autochdir' and when Vim is compiled with -DEXITFREE.
      > >
      > > ==6925== Invalid read of size 4
      > > ==6925== at 0x8054471: do_autochdir (buffer.c:1472)
      > > ==6925== by 0x8052E31: close_buffer (buffer.c:445)
      > > ==6925== by 0x8113AE3: free_all_mem (misc2.c:1089)
      > > ==6925== by 0x814B244: mch_exit (os_unix.c:2951)
      > > ==6925== by 0x80E6320: getout (main.c:1342)
      > > ==6925== by 0x80AB880: ex_quit (ex_docmd.c:6227)
      > > ==6925== by 0x80A5952: do_one_cmd (ex_docmd.c:2623)
      > > ==6925== by 0x80A319E: do_cmdline (ex_docmd.c:1099)
      > > ==6925== by 0x80A2850: do_cmdline_cmd (ex_docmd.c:705)
      > > ==6925== by 0x80E80CC: exe_commands (main.c:2665)
      > > ==6925== by 0x80E5A9E: main (main.c:875)
      > > ==6925== Address 0x4AF8A9C is 76 bytes inside a block of size 4,516 free'd
      > > ==6925== at 0x402237F: free (vg_replace_malloc.c:233)
      > > ==6925== by 0x8114365: vim_free (misc2.c:1580)
      > > ==6925== by 0x8053182: free_buffer (buffer.c:616)
      > > ==6925== by 0x8052EAA: close_buffer (buffer.c:467)
      > > ==6925== by 0x8113AE3: free_all_mem (misc2.c:1089)
      > > ==6925== by 0x814B244: mch_exit (os_unix.c:2951)
      > > ==6925== by 0x80E6320: getout (main.c:1342)
      > > ==6925== by 0x80AB880: ex_quit (ex_docmd.c:6227)
      > > ==6925== by 0x80A5952: do_one_cmd (ex_docmd.c:2623)
      > > ==6925== by 0x80A319E: do_cmdline (ex_docmd.c:1099)
      > > ==6925== by 0x80A2850: do_cmdline_cmd (ex_docmd.c:705)
      > > ==6925== by 0x80E80CC: exe_commands (main.c:2665)
      > > (more errors follow)
      > >
      > > Steps to reproduce:
      > >
      > > 1/ Run Vim with Valgrind with 2 files:
      > >
      > > $ valgrind vim -u NONE -c 'set autochdir|q!' foo bar 2> valgrind.log
      > >
      > > 2/ Observe in valgrind.log errors when exiting vim
      > >
      > >
      > > Function free_all_mem() frees all buffers calling close_buffer(...)
      > > in a loop on all buffers:
      > >
      > > 1085     /* Free all buffers. */
      > > 1086     for (buf = firstbuf; buf != NULL; )
      > > 1087     {
      > > 1088         nextbuf = buf->b_next;
      > > 1089         close_buffer(NULL, buf, DOBUF_WIPE);
      > > 1090         if (buf_valid(buf))
      > > 1091             buf = nextbuf;  /* didn't work, try next one */
      > > 1092         else
      > > 1093             buf = firstbuf;
      > > 1094     }
      > >
      > > Inside close_buffer(), DO_AUTOCHDIR uses both buf (before it's being freed)
      > > and curbuf. The problem is that curbuf may have been already freed in a
      > > previous iteration. So DO_AUTOCHDIR uses freed memory when accessing
      > > curbuf.
      > >
      > > I attach a patch that fixes it by checking whether curbuf is still valid
      > > before calling DO_AUTOCHDIR. Another way of fixing it in misc2.c
      > > could be to free all buffers (except curbuf) and then free curbuf last.
      >
      > How about solving this by resetting 'autochdir' first? This also avoids
      > doing things that don't make sense.
      >
      >
      > *** ../vim-7.1.285/src/misc2.c Wed Feb 20 12:22:59 2008
      > --- src/misc2.c Wed Mar 26 21:02:57 2008
      > ***************
      > *** 1082,1088 ****
      > win_free_all();
      > #endif
      >
      > ! /* Free all buffers. */
      >
      > for (buf = firstbuf; buf != NULL; )
      > {
      > nextbuf = buf->b_next;
      > --- 1083,1093 ----
      > win_free_all();
      > #endif
      >
      > ! /* Free all buffers. Reset 'autochdir' to avoid accessing things that
      > ! * were freed already. */
      > ! #ifdef FEAT_AUTOCHDIR
      > ! p_acd = FALSE;
      > ! #endif
      >
      > for (buf = firstbuf; buf != NULL; )
      > {
      > nextbuf = buf->b_next;
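Review bot: setting p_acd = FALSE before the loop silences the one consumer of the dangling curbuf that Valgrind happened to hit (do_autochdir() reached through DO_AUTOCHDIR in close_buffer()), but curbuf itself still points at memory freed by an earlier iteration for the rest of free_all_mem(), because close_buffer(NULL, buf, DOBUF_WIPE) wipes the current buffer without updating curbuf. The new comment, "Reset 'autochdir' to avoid accessing things that were freed already", should say that explicitly (curbuf is stale once its buffer has been wiped) so the next reader does not add another curbuf use inside the loop; alternatively the ordering suggested in the report, wiping every buffer except curbuf and then curbuf last, removes the dangling pointer rather than a single use of it.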


      Yes, resetting 'autochdir' works as well. Thanks!

      -- Dominique

      --~--~---------~--~----~------------~-------~--~----~
      You received this message from the "vim_dev" maillist.
      For more information, visit http://www.vim.org/maillist.php
      -~----------~----~----~----~------~----~------~--~---
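The use-after-free discussed in this thread, as an added worked example in C (not Vim source and not either author's patch): a model of the free_all_mem() loop and of the close_buffer()/DO_AUTOCHDIR interaction quoted above. The identifiers firstbuf, curbuf, p_acd, buf_valid, close_buffer, free_buffer, do_autochdir and DOBUF_WIPE are Vim's names, but every body below is this example's own simplification, and the assumption that do_autochdir() reads through curbuf->b_ffname is taken from the trace (the invalid read lands 76 bytes inside the freed buffer), not from Vim's code. Instead of calling free(), the model parks a closed buffer in a quarantine list and marks it b_freed, so a use of a dead curbuf is counted deterministically (as Valgrind reports it) rather than being undefined behaviour. The unfixed path, Bram's p_acd reset, Dominique's buf_valid(curbuf) guard and the "free curbuf last" ordering from the report are all run side by side.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added example, not Vim code: a model of the EXITFREE buffer loop from the
 * thread.  Vim's identifiers are borrowed; the bodies are simplifications. */

typedef struct buf_S {
    struct buf_S *b_next;
    char          b_ffname[32];
    int           b_freed;               /* set once the buffer is "freed" */
} buf_T;

#define DOBUF_WIPE 1
#define MAX_BUFS   16

static buf_T *firstbuf;
static buf_T *curbuf;
static int    p_acd;                     /* 'autochdir' */
static int    check_curbuf;              /* Dominique's patch: guard DO_AUTOCHDIR */
static buf_T *quarantine[MAX_BUFS];      /* closed buffers, released in run_exit() */
static int    nquarantine;
static int    stale_uses;                /* curbuf used after it was freed */

/* Pointer-only walk of the list, like Vim's buf_valid(): never dereferences buf. */
static int buf_valid(const buf_T *buf)
{
    for (const buf_T *b = firstbuf; b != NULL; b = b->b_next)
        if (b == buf)
            return 1;
    return 0;
}

/* Assumed from the trace: Vim chdir()s to the directory of curbuf->b_ffname.
 * The freed flag stands in for the read that Valgrind flagged. */
static void do_autochdir(void)
{
    if (curbuf->b_freed) {
        stale_uses++;                    /* the "Invalid read" in the report */
        return;
    }
    /* vim_chdirfile(curbuf->b_ffname) would happen here */
}

#define DO_AUTOCHDIR if (p_acd) do_autochdir()

static void free_buffer(buf_T *buf)
{
    buf->b_freed = 1;                    /* stand-in for vim_free(buf) */
    quarantine[nquarantine++] = buf;
}

/* Like close_buffer(): run the 'autochdir' hook, unlink and free buf.
 * curbuf is never updated, so it dangles once the current buffer is wiped. */
static void close_buffer(void *win, buf_T *buf, int action)
{
    buf_T **pp;
    (void)win; (void)action;
    if (!check_curbuf || buf_valid(curbuf))
        DO_AUTOCHDIR;
    for (pp = &firstbuf; *pp != buf; pp = &(*pp)->b_next)
        ;
    *pp = buf->b_next;
    free_buffer(buf);
}

/* The loop quoted from misc2.c, same structure. */
static void free_all_mem(void)
{
    buf_T *buf, *nextbuf;
    for (buf = firstbuf; buf != NULL; ) {
        nextbuf = buf->b_next;
        close_buffer(NULL, buf, DOBUF_WIPE);
        if (buf_valid(buf))
            buf = nextbuf;               /* didn't work, try next one */
        else
            buf = firstbuf;
    }
}

enum fix { FIX_NONE, FIX_RESET_ACD, FIX_CHECK_CURBUF, FIX_CURBUF_LAST };

/* Open nbufs buffers ("vim foo bar ..."), make the first one current, set
 * 'autochdir', run the exit path with one fix and return the stale-use count. */
int run_exit(int nbufs, enum fix fix)
{
    buf_T *buf, *nextbuf;
    int i;

    firstbuf = curbuf = NULL;
    nquarantine = stale_uses = 0;
    for (i = nbufs - 1; i >= 0; i--) {   /* constructed sample buffers */
        if ((buf = calloc(1, sizeof(*buf))) == NULL)
            abort();
        snprintf(buf->b_ffname, sizeof buf->b_ffname, "file%d", i);
        buf->b_next = firstbuf;
        firstbuf = buf;
    }
    curbuf = firstbuf;
    p_acd = 1;
    check_curbuf = (fix == FIX_CHECK_CURBUF);
    if (fix == FIX_RESET_ACD)
        p_acd = 0;                       /* Bram's patch: reset before the loop */
    if (fix == FIX_CURBUF_LAST) {        /* alternative from the report */
        for (buf = firstbuf; buf != NULL; buf = nextbuf) {
            nextbuf = buf->b_next;
            if (buf != curbuf)
                close_buffer(NULL, buf, DOBUF_WIPE);
        }
        close_buffer(NULL, curbuf, DOBUF_WIPE);
    } else {
        free_all_mem();
    }
    for (i = 0; i < nquarantine; i++)    /* now really release the memory */
        free(quarantine[i]);
    return stale_uses;
}

int main(void)
{
    printf("unfixed:      %d stale use(s)\n", run_exit(2, FIX_NONE));
    printf("reset p_acd:  %d\n", run_exit(2, FIX_RESET_ACD));
    printf("check curbuf: %d\n", run_exit(2, FIX_CHECK_CURBUF));
    printf("curbuf last:  %d\n", run_exit(2, FIX_CURBUF_LAST));
    return 0;
}
```

With two buffers the unfixed loop reproduces the report exactly: the current buffer is wiped in the first iteration and read through curbuf in the second; with N buffers there are N-1 such reads, one per buffer closed after curbuf. The three fixes differ in what they remove: the p_acd reset and the buf_valid(curbuf) guard leave curbuf dangling and remove one use, while closing curbuf last removes the dangling pointer for the whole loop.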