Bug#446268: vim ABRT: glibc: vim: invalid next size (fast): 0x00000000007fd430

martin f krafft madduck at debian.org
Thu Oct 11 15:25:21 UTC 2007


Package: vim
Version: 1:7.1-056+2
Severity: grave

Grave since I've lost data, though not a lot thanks to .swp files.

Verified with 1:7.1-056+2 on i386 and amd64 by me.
and
< jamessan> madduck: I've reproduce in vim.full and vim.basic
and
< mgedmin> yes, gutsy, vim-gnome 1:7.1-056+2ubuntu2



# script courtesy of James Vega
$ cat crash.vim 
set et pi
insert
-- #debian-devel
.
right



$ /usr/bin/vim -u NONE -S crash.vim
*** glibc detected *** vim: malloc(): memory corruption: 0x08238a20 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0xb76035b6]
/lib/i686/cmov/libc.so.6(__libc_malloc+0x90)[0xb7604f40]
vim(lalloc+0x18)[0x8118618]
vim(alloc_clear+0x1f)[0x811874f]
vim(ga_grow+0x4c)[0x81187cc]
vim[0x80b1753]
vim(getsourceline+0x1d7)[0x80b3e47]
vim(do_cmdline+0xbcf)[0x80c257f]
vim(do_source+0x377)[0x80b41d7]
vim[0x80b4651]
vim[0x80c0a86]
vim(do_cmdline+0x3a9)[0x80c1d59]
vim(do_cmdline_cmd+0x29)[0x80c2da9]
vim(main+0x99a)[0x80f633a]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb75af050]
vim[0x8071731]
======= Memory map: ========

Vim: Caught deadly signal ABRT
Vim: preserving files...
Vim: Finished.



# valgrind run courtesy of Marius Gedminas
$ valgrind --log-file=vim.log /usr/bin/vim -u NONE -S crash.vim ; reset

$ cat vim.log

==12613== Memcheck, a memory error detector.
==12613== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==12613== Using LibVEX rev 1732, a library for dynamic binary translation.
==12613== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==12613== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework.
==12613== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==12613== For more details, rerun with: -v
==12613== 
==12613== My PID = 12613, parent PID = 12444.  Prog and args are:
==12613==    /usr/bin/vim
==12613==    -u
==12613==    NONE
==12613==    -S
==12613==    crash.vim
==12613== 
==12613== Invalid write of size 1
==12613==    at 0x8118170: set_indent (misc1.c:286)
==12613==    by 0x80B1EA9: ex_align (ex_cmds.c:233)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80B6ECA: do_source (ex_cmds2.c:3054)
==12613==    by 0x80B74E0: cmd_source (ex_cmds2.c:2684)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80C6228: do_cmdline_cmd (ex_docmd.c:706)
==12613==    by 0x80F9F00: main (main.c:2617)
==12613==  Address 0x5364A59 is 0 bytes after a block of size 25 alloc'd
==12613==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==12613==    by 0x811C897: lalloc (misc2.c:857)
==12613==    by 0x811CB48: alloc (misc2.c:756)
==12613==    by 0x811836C: set_indent (misc1.c:230)
==12613==    by 0x80B1EA9: ex_align (ex_cmds.c:233)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80B6ECA: do_source (ex_cmds2.c:3054)
==12613==    by 0x80B74E0: cmd_source (ex_cmds2.c:2684)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80C6228: do_cmdline_cmd (ex_docmd.c:706)
==12613== 
==12613== Invalid write of size 1
==12613==    at 0x8118179: set_indent (misc1.c:284)
==12613==    by 0x80B1EA9: ex_align (ex_cmds.c:233)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80B6ECA: do_source (ex_cmds2.c:3054)
==12613==    by 0x80B74E0: cmd_source (ex_cmds2.c:2684)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80C6228: do_cmdline_cmd (ex_docmd.c:706)
==12613==    by 0x80F9F00: main (main.c:2617)
==12613==  Address 0x5364A5A is 1 bytes after a block of size 25 alloc'd
==12613==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==12613==    by 0x811C897: lalloc (misc2.c:857)
==12613==    by 0x811CB48: alloc (misc2.c:756)
==12613==    by 0x811836C: set_indent (misc1.c:230)
==12613==    by 0x80B1EA9: ex_align (ex_cmds.c:233)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80B6ECA: do_source (ex_cmds2.c:3054)
==12613==    by 0x80B74E0: cmd_source (ex_cmds2.c:2684)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80C6228: do_cmdline_cmd (ex_docmd.c:706)
==12613== 
==12613== Invalid write of size 1
==12613==    at 0x4023921: memmove (mc_replace_strmem.c:514)
==12613==    by 0x8118190: set_indent (misc1.c:289)
==12613==    by 0x80B1EA9: ex_align (ex_cmds.c:233)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80B6ECA: do_source (ex_cmds2.c:3054)
==12613==    by 0x80B74E0: cmd_source (ex_cmds2.c:2684)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80C6228: do_cmdline_cmd (ex_docmd.c:706)
==12613==    by 0x80F9F00: main (main.c:2617)
==12613==  Address 0x5364A90 is not stack'd, malloc'd or (recently) free'd
==12613== 
==12613== Invalid read of size 1
==12613==    at 0x8081C40: beginline (edit.c:6388)
==12613==    by 0x80B1F03: ex_align (ex_cmds.c:237)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80B6ECA: do_source (ex_cmds2.c:3054)
==12613==    by 0x80B74E0: cmd_source (ex_cmds2.c:2684)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80C6228: do_cmdline_cmd (ex_docmd.c:706)
==12613==    by 0x80F9F00: main (main.c:2617)
==12613==  Address 0x5364A59 is 0 bytes after a block of size 25 alloc'd
==12613==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==12613==    by 0x811C897: lalloc (misc2.c:857)
==12613==    by 0x811CB48: alloc (misc2.c:756)
==12613==    by 0x811836C: set_indent (misc1.c:230)
==12613==    by 0x80B1EA9: ex_align (ex_cmds.c:233)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80B6ECA: do_source (ex_cmds2.c:3054)
==12613==    by 0x80B74E0: cmd_source (ex_cmds2.c:2684)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80C6228: do_cmdline_cmd (ex_docmd.c:706)
==12613== 
==12613== Invalid read of size 1
==12613==    at 0x8081C49: beginline (edit.c:6388)
==12613==    by 0x80B1F03: ex_align (ex_cmds.c:237)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80B6ECA: do_source (ex_cmds2.c:3054)
==12613==    by 0x80B74E0: cmd_source (ex_cmds2.c:2684)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80C6228: do_cmdline_cmd (ex_docmd.c:706)
==12613==    by 0x80F9F00: main (main.c:2617)
==12613==  Address 0x5364A59 is 0 bytes after a block of size 25 alloc'd
==12613==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==12613==    by 0x811C897: lalloc (misc2.c:857)
==12613==    by 0x811CB48: alloc (misc2.c:756)
==12613==    by 0x811836C: set_indent (misc1.c:230)
==12613==    by 0x80B1EA9: ex_align (ex_cmds.c:233)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80B6ECA: do_source (ex_cmds2.c:3054)
==12613==    by 0x80B74E0: cmd_source (ex_cmds2.c:2684)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80C6228: do_cmdline_cmd (ex_docmd.c:706)
--12613-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--12613-- si_code=1;  Faulting address: 0x25566A94;  sp: 0x6256DE10

valgrind: the 'impossible' happened:
   Killed by fatal signal
==12613==    at 0x380205F5: vgPlain_arena_malloc (m_mallocfree.c:190)
==12613==    by 0x380364E8: vgPlain_cli_malloc (replacemalloc_core.c:101)
==12613==    by 0x3800242E: vgMemCheck_malloc (mc_malloc_wrappers.c:182)
==12613==    by 0x38036C42: do_client_request (scheduler.c:1158)
==12613==    by 0x3803856D: vgPlain_scheduler (scheduler.c:869)
==12613==    by 0x38058963: run_a_thread_NORETURN (syswrap-linux.c:87)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==12613==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==12613==    by 0x811C897: lalloc (misc2.c:857)
==12613==    by 0x811C9CE: alloc_clear (misc2.c:768)
==12613==    by 0x811CA4B: ga_grow (misc2.c:1916)
==12613==    by 0x80B3D72: get_one_sourceline (ex_cmds2.c:3375)
==12613==    by 0x80B6B49: getsourceline (ex_cmds2.c:3285)
==12613==    by 0x80C58D3: do_cmdline (ex_docmd.c:996)
==12613==    by 0x80B6ECA: do_source (ex_cmds2.c:3054)
==12613==    by 0x80B74E0: cmd_source (ex_cmds2.c:2684)
==12613==    by 0x80C3C72: do_one_cmd (ex_docmd.c:2622)
==12613==    by 0x80C5001: do_cmdline (ex_docmd.c:1100)
==12613==    by 0x80C6228: do_cmdline_cmd (ex_docmd.c:706)
==12613==    by 0x80F9F00: main (main.c:2617)

-- 
 .''`.   martin f. krafft <madduck at debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
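Added here as a triage aid, not part of the bug report: a small parser for the Memcheck output above that pulls out each "Invalid read/write", drops Valgrind's own malloc/memmove wrapper frames so the first frame is the program site, and reports how far past which heap block the worst write reached (the overrun that glibc's malloc checks later flag as "memory corruption"). The embedded log is a constructed excerpt of the report's vim.log with the stacks trimmed; field names are my own.

```python
import re
# Constructed excerpt in the Memcheck format of the report's vim.log (stacks trimmed).
SAMPLE_LOG = """\
==12613== Invalid write of size 1
==12613==    at 0x8118170: set_indent (misc1.c:286)
==12613==    by 0x80B1EA9: ex_align (ex_cmds.c:233)
==12613==  Address 0x5364A59 is 0 bytes after a block of size 25 alloc'd
==12613==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==12613== Invalid write of size 1
==12613==    at 0x8118179: set_indent (misc1.c:284)
==12613==    by 0x80B1EA9: ex_align (ex_cmds.c:233)
==12613==  Address 0x5364A5A is 1 bytes after a block of size 25 alloc'd
==12613==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==12613== Invalid write of size 1
==12613==    at 0x4023921: memmove (mc_replace_strmem.c:514)
==12613==    by 0x8118190: set_indent (misc1.c:289)
==12613==  Address 0x5364A90 is not stack'd, malloc'd or (recently) free'd
"""

ERR_RE = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)")
ADDR_RE = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is "
                     r"(?:(\d+) bytes after a block of size (\d+)|not stack'd)")

def parse_memcheck(text):
    """One record per 'Invalid read/write': kind, access size, the access stack (program
    frames only) and bytes reached past the end of which heap block (None if unattributed)."""
    errors, cur = [], None
    for line in text.splitlines():
        if m := ERR_RE.match(line):
            cur = {"kind": m.group(1), "size": int(m.group(2)), "frames": [],
                   "past_end": None, "block": None}
            errors.append(cur)
        elif cur and (m := ADDR_RE.match(line)):
            if m.group(1) is not None:
                cur["past_end"] = int(m.group(1)) + cur["size"]
                cur["block"] = int(m.group(2))
            cur = None  # frames after this line describe the allocation, not the access
        elif cur and (m := FRAME_RE.match(line)):
            if not m.group(2).startswith(("vg_replace", "mc_replace")):  # skip Valgrind wrappers
                cur["frames"].append((m.group(1), m.group(2)))
    return errors

def worst_heap_write(errors):
    """Program site of the attributed write reaching furthest past its heap block."""
    writes = [e for e in errors if e["kind"] == "write" and e["past_end"] is not None]
    worst = max(writes, key=lambda e: e["past_end"])
    return worst["frames"][0], worst["past_end"], worst["block"]
```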