
[BUG] Valgrind error while freeing memory in eval_clear

  • ZyX
    Message 1 of 2, Sep 22, 2013
      While searching for the bug in my extended-funcref branch I found that *in this branch* it is possible to access freed memory: a variable cleared by vars_clear may contain a reference to a variable already freed by vim_free(SCRIPT_SV(i)).

      An almost minimal example environment that is enough for reproducing the bug is attached. Note that only a build with EXITFREE defined (normally a development build) is subject to this kind of error. To see this error, run under valgrind

      vim -u ../vimrc -s efref-valgrind.in

      while in the test/ subdirectory found in the archive. This error happens for both my branch and upstream, but I was thinking it was my failure because I did not have a development version of upstream compiled.

      The following patch fixes the problem for me (the main idea is that you first clear all variables and only then do the actual freeing).

      Note that it may make sense to defer the second cycle (and hence the ga_clear() call) until the garbage_collect() call (in case a reference to the script-local scope is saved to a list/dictionary that then becomes unreferenced), but I am not sure.

      diff -r 8f286037c0d0 src/eval.c
      --- a/src/eval.c Sun Sep 22 13:37:08 2013 +0400
      +++ b/src/eval.c Sun Sep 22 22:13:59 2013 +0400
      @@ -942,10 +942,9 @@

      /* script-local variables */
      for (i = 1; i <= ga_scripts.ga_len; ++i)
      - {
      vars_clear(&SCRIPT_VARS(i));
      + for (i = 1; i <= ga_scripts.ga_len; ++i)
      vim_free(SCRIPT_SV(i));
      - }
      ga_clear(&ga_scripts);

      /* unreferenced lists and dicts */
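      Review bot: the split is correct for references held by script-local variables, but it still frees every SCRIPT_SV(i) before the "unreferenced lists and dicts" step that follows, so a list or dict that still holds a reference to a script scope (the case the cover note mentions) would be released after the scope's storage is gone and hit the same dangling access. If such references are possible in the extended-funcref branch, move the `vim_free(SCRIPT_SV(i))` loop and `ga_clear(&ga_scripts)` after that step, or into garbage_collect() as suggested, and re-run the efref-valgrind.in case under valgrind with EXITFREE defined to confirm. Dropping the braces leaves `vars_clear(&SCRIPT_VARS(i));` as the sole body of the first loop; a comment on why the two loops must not be merged would stop someone re-joining them later.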

      --
      --
      You received this message from the "vim_dev" maillist.
      Do not top-post! Type your reply below the text you are replying to.
      For more information, visit http://www.vim.org/maillist.php

      ---
      You received this message because you are subscribed to the Google Groups "vim_dev" group.
      To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
      For more options, visit https://groups.google.com/groups/opt_out.
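      As an added illustration (not code from this thread or from Vim), the following C model reproduces the ordering problem the patch addresses: a variable in one script scope holds a reference to another scope's storage, so clearing and freeing each scope in a single pass reaches storage that was already released, while clearing every scope before freeing any of them does not. The names scope_t, var_t, vars_clear, scope_free, teardown_interleaved and teardown_two_phase are hypothetical stand-ins modelled on the patch; "freeing" is simulated with a flag on a stack array so the example counts the dangling access instead of performing it.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Vim's code: a toy model of script-local scopes whose
 * variables may reference other scopes, used to show why the teardown order
 * matters. All names below are hypothetical stand-ins for the real ones. */

#define NSCOPES 3
#define NVARS   2

typedef struct scope scope_t;

typedef struct {
    scope_t *ref;   /* NULL for a plain value, otherwise the scope it refers to */
} var_t;

struct scope {
    var_t vars[NVARS];
    int refcount;   /* live references to this scope held by any variable */
    int freed;      /* set once the scope's storage has been "released" */
};

static void var_set_ref(var_t *v, scope_t *target)
{
    v->ref = target;
    target->refcount++;
}

/* Analogue of vars_clear(): drop every reference this scope holds. Reaching a
 * referenced scope that was already freed is the use-after-free; the model
 * counts it instead of touching released memory. */
static int vars_clear(scope_t *s)
{
    int dangling = 0;
    for (int j = 0; j < NVARS; j++) {
        scope_t *t = s->vars[j].ref;
        if (t == NULL)
            continue;
        if (t->freed)
            dangling++;      /* real code would read freed memory here */
        else
            t->refcount--;
        s->vars[j].ref = NULL;
    }
    return dangling;
}

/* Stand-in for vim_free(SCRIPT_SV(i)); the storage is a stack array here. */
static void scope_free(scope_t *s)
{
    s->freed = 1;
}

/* Pre-patch order: clear and free each scope in the same loop iteration. */
static int teardown_interleaved(scope_t *scopes, int n)
{
    int dangling = 0;
    for (int i = 0; i < n; i++) {
        dangling += vars_clear(&scopes[i]);
        scope_free(&scopes[i]);
    }
    return dangling;
}

/* Patched order: clear every scope first, only then free any of them. */
static int teardown_two_phase(scope_t *scopes, int n)
{
    int dangling = 0;
    for (int i = 0; i < n; i++)
        dangling += vars_clear(&scopes[i]);
    for (int i = 0; i < n; i++)
        scope_free(&scopes[i]);
    return dangling;
}

/* Constructed fixture: the last scope references the two earlier ones, the
 * shape that breaks the interleaved loop. */
static void build_fixture(scope_t *scopes)
{
    memset(scopes, 0, sizeof(scope_t) * NSCOPES);
    var_set_ref(&scopes[NSCOPES - 1].vars[0], &scopes[0]);
    var_set_ref(&scopes[NSCOPES - 1].vars[1], &scopes[1]);
}

/* Each returns how many dangling accesses that teardown order would make. */
int demo_interleaved(void)
{
    scope_t scopes[NSCOPES];
    build_fixture(scopes);
    return teardown_interleaved(scopes, NSCOPES);
}

int demo_two_phase(void)
{
    scope_t scopes[NSCOPES];
    build_fixture(scopes);
    return teardown_two_phase(scopes, NSCOPES);
}

int main(void)
{
    printf("interleaved clear/free: %d dangling access(es)\n", demo_interleaved());
    printf("two-phase clear then free: %d dangling access(es)\n", demo_two_phase());
    return 0;
}
```

      Compile with a C99 compiler and run; the interleaved order reports two dangling accesses (scope 2's references to scopes 0 and 1, both freed before scope 2 is cleared) and the two-phase order reports none. The refcount field is what a real implementation would check before releasing storage if, as the note above suggests, a scope can also be kept alive by a list or dict that outlives this loop.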
    • Bram Moolenaar
      Message 2 of 2, Sep 22, 2013
        ZyX wrote:

        > While searching for the bug in my extended-funcref branch I found that
        > *in this branch* it is possible to access freed memory: variable
        > cleared by vars_clear may contain reference to the variable already
        > freed by vim_free(SCRIPT_SV(i)).
        >
        > Almost minimal example of environment that is enough for reproducing
        > the bug is attached. Note that only build with EXITFREE defined
        > (normally development build) is subject to this kind of error. To see
        > this error run under valgrind
        >
        > vim -u ../vimrc -s efref-valgrind.in
        >
        > while being in test/ subdirectory found in the archive. This error
        > happens for both my branch and upstream, but I was thinking it was my
        > failure because I did not have development version of upstream
        > compiled.
        >
        > The following patch fixes the problem for me (main idea is that you
        > first clear all variables and only then do actual freeing).
        >
        > Note that it may make sense to defer the second cycle (and hence
        > ga_clear() call) until garbage_collect() call (in case reference to
        > script-local scope is saved to a list/dictionary that then became
        > unreferenced), but I am not sure.

        Thanks for finding this and providing a solution. I'll have to think
        about whether there is still a way this may fail.


        --
        Emacs is a nice OS - but it lacks a good text editor.
        That's why I am using Vim. --Anonymous

        /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
        /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
        \\\ an exciting new programming language -- http://www.Zimbu.org ///
        \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
