Ubuntu

vim.gnome crashed with SIGSEGV in free()

Reported by sibidiba on 2008-02-25
22
This bug affects 1 person
Affects Status Importance Assigned to Milestone
vim (Ubuntu)
Medium
Unassigned

Bug Description

Binary package hint: vim

On current Hardy, vim crashes.

How to reproduce:

1.) start the text-based vim in a terminal window

2.) enter random text

3.) press v to enter visual mode

=> crash

ProblemType: Crash
Architecture: i386
Date: Mon Feb 25 01:37:20 2008
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/bin/vim.gnome
NonfreeKernelModules: cdrom
Package: vim-gnome 1:7.1-138+1ubuntu3
PackageArchitecture: i386
ProcCmdline: vim .xbindkeysrc
ProcCwd: /home/czigola
Signal: 11
SourcePackage: vim
StacktraceTop:
 free () from /lib/tls/i686/cmov/libc.so.6
 XtFree () from /usr/lib/libXt.so.6
 ?? () from /usr/lib/libXt.so.6
 ?? ()
 ?? ()
Title: vim.gnome crashed with SIGSEGV in free()
Uname: Linux Kamorka 2.6.24-8-generic #1 SMP Thu Feb 14 20:40:45 UTC 2008 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev sambashare vboxusers video

SegvAnalysis:
 Segfault happened at: 0xb7faf410 <__kernel_vsyscall+16>: pop %ebp
 PC (0xb7faf410) ok
 source "%ebp" ok
 destination "(%esp)" (0xbf9dca7c) ok
 SP (0xbf9dca7c) ok
 Reason could not be automatically determined. (Unhandled exception in kernel code?)
SegvReason: Reason could not be automatically determined. (Unhandled exception in kernel code?)

sibidiba (sibidiba) wrote :

StacktraceTop:free () from /lib/tls/i686/cmov/libc.so.6
XtFree (ptr=0xbf900000 <Address 0xbf900000 out of bounds>) at ../../src/Alloc.c:170
GetConversion (ctx=0x8291578, event=0xbf9dd240, target=277, property=432, widget=0x82af478)
HandleSelectionEvents (widget=0x82af478, closure=0x8291578, event=0xbf9dd240,
XtDispatchEventToWidget (widget=0x82af478, event=0xbf9dd240) at ../../src/Event.c:874

Changed in vim:
importance: Undecided → Medium
sibidiba (sibidiba) wrote :

bug still exists

Setting TERM=linux avoids the crash.

Could someone please point out why this happens?

sibidiba (sibidiba) wrote :

Something changed: setting TERM to linux did not helped anymore.

But changing locale settings in /etc/environment/ from hu_HU.utf8 (that is listed in locale -a) to hu_HU.UTF-8 resolved the problem.

Vim-7.1.138 in Ubuntu-8.04 has a known severe bug which causes it to segfault (double free). It happens at least when doing completion on user names.

It's fixed upstream on Oct 30 2007 (more than 1 year ago) in this patch:

7.1.147 (after 7.1.127) freeing memory twice completing user name

I assume you stumbled upon this bug. This bug is probably a duplicate with several other Vim bugs such as Bug #215374 and Bug #219546 (possibly others).

My advice is to compile vim yourself. Latest version of vim is 7.2.26 and it fixes the double free bug and many other bugs.

You can see all the bugs fixed since 7.1.138 there:

ftp://ftp.vim.org/pub/vim/patches/7.1/README
ftp://ftp.vim.org/pub/vim/patches/7.2/README

Any chance to get a newer vim in Ubuntu-8.04?

Kees Cook (kees) on 2009-09-16
description: updated
Kees Cook (kees) on 2010-04-22
description: updated
Changed in vim (Ubuntu):
status: New → Opinion
Philip Muškovac (yofel) wrote :

Please don't change the status without explaining why you're doing so. Especially since Opinion counts as closing the bug, see https://wiki.ubuntu.com/Bugs/Status

Changed in vim (Ubuntu):
status: Opinion → New
PrebenR (randhol) wrote :

I get the same bug in Maveric Ubuntu. I removed vim-gnome and installed vim-gtk and the bug went away.

PrebenR (randhol) wrote :

Ignore my comment above. It also couses crashes. I anyhow only use the vim command in a shell.

Olivier Mengué (dolmen) wrote :

Can not reproduce on Ubuntu Natty. Does it still applies?

Thomas Hotz (thotz) wrote :

Is this still an issue for you? Which Ubuntu version do you use? Thank you for telling us!

Changed in vim (Ubuntu):
status: New → Incomplete

Thomas Hotz wrote:

> Is this still an issue for you?

As I wrote earlier, this issue has been fixed upstream on Oct 30 2007 in this version of Vim:

7.1.147 (after 7.1.127) freeing memory twice completing user name

That's about about 5 years ago now.
I don't think any supported version of Ubuntu uses such an old version of Vim nowadays.
Please close this issue.

Thomas Hotz (thotz) wrote :

Thank you for clarification!

Changed in vim (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers