vim.gnome crashed with SIGSEGV in free()

Bug #195264 reported by sibidiba
This bug affects 1 person
Affects: vim (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: vim

On current Hardy, vim crashes.

How to reproduce:

1.) start the text-based vim in a terminal window

2.) enter random text

3.) press v to enter visual mode

=> crash

ProblemType: Crash
Architecture: i386
Date: Mon Feb 25 01:37:20 2008
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/bin/vim.gnome
NonfreeKernelModules: cdrom
Package: vim-gnome 1:7.1-138+1ubuntu3
PackageArchitecture: i386
ProcCmdline: vim .xbindkeysrc
ProcCwd: /home/czigola
Signal: 11
SourcePackage: vim
StacktraceTop:
 free () from /lib/tls/i686/cmov/libc.so.6
 XtFree () from /usr/lib/libXt.so.6
 ?? () from /usr/lib/libXt.so.6
 ?? ()
 ?? ()
Title: vim.gnome crashed with SIGSEGV in free()
Uname: Linux Kamorka 2.6.24-8-generic #1 SMP Thu Feb 14 20:40:45 UTC 2008 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev sambashare vboxusers video

SegvAnalysis:
 Segfault happened at: 0xb7faf410 <__kernel_vsyscall+16>: pop %ebp
 PC (0xb7faf410) ok
 source "%ebp" ok
 destination "(%esp)" (0xbf9dca7c) ok
 SP (0xbf9dca7c) ok
 Reason could not be automatically determined. (Unhandled exception in kernel code?)
SegvReason: Reason could not be automatically determined. (Unhandled exception in kernel code?)

Tags: apport-crash
sibidiba (sibidiba) wrote :
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:
 free () from /lib/tls/i686/cmov/libc.so.6
 XtFree (ptr=0xbf900000 <Address 0xbf900000 out of bounds>) at ../../src/Alloc.c:170
 GetConversion (ctx=0x8291578, event=0xbf9dd240, target=277, property=432, widget=0x82af478)
 HandleSelectionEvents (widget=0x82af478, closure=0x8291578, event=0xbf9dd240,
 XtDispatchEventToWidget (widget=0x82af478, event=0xbf9dd240) at ../../src/Event.c:874

Apport retracing service (apport) wrote : Symbolic threaded stack trace
Changed in vim:
importance: Undecided → Medium
sibidiba (sibidiba) wrote :

bug still exists

Setting TERM=linux avoids the crash.

Could someone please point out why this happens?

sibidiba (sibidiba) wrote :

Something changed: setting TERM to linux did not help anymore.

But changing locale settings in /etc/environment/ from hu_HU.utf8 (that is listed in locale -a) to hu_HU.UTF-8 resolved the problem.

Dominique Pellé (dominique-pelle) wrote :

Vim-7.1.138 in Ubuntu-8.04 has a known severe bug which causes it to segfault (double free). It happens at least when doing completion on user names.

It's fixed upstream on Oct 30 2007 (more than 1 year ago) in this patch:

7.1.147 (after 7.1.127) freeing memory twice completing user name

I assume you stumbled upon this bug. This bug is probably a duplicate of several other Vim bugs such as Bug #215374 and Bug #219546 (possibly others).

My advice is to compile vim yourself. Latest version of vim is 7.2.26 and it fixes the double free bug and many other bugs.

You can see all the bugs fixed since 7.1.138 there:

ftp://ftp.vim.org/pub/vim/patches/7.1/README
ftp://ftp.vim.org/pub/vim/patches/7.2/README

Any chance to get a newer vim in Ubuntu-8.04?
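
A triage helper for the point made in the comment above, added here as an example and not part of the original thread or of apport: it reads the `Package:` line of a crash report and checks whether the packaged Vim is at or past upstream patch 7.1.147. The function names, and the assumption that the patch level is the number right after `7.1-` (or the third upstream component in later package versions), belong to this example.

```python
import re

# Upstream patch the thread names as the fix for the double free.
FIXED = (7, 1, 147)

# Assumed version layouts for the vim packages:
#   "1:7.1-138+1ubuntu3"  patch level leads the revision (string from this report)
#   "2:7.2.330-1ubuntu3"  patch level is the third upstream component (constructed)
_VERSION = re.compile(
    r"^(?:\d+:)?(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\.(?P<in_upstream>\d+))?(?:-(?P<in_revision>\d+))?"
)

def vim_patch_level(pkg_version):
    """Return (major, minor, patch) for a vim package version string."""
    m = _VERSION.match(pkg_version.strip())
    if m is None:
        raise ValueError("unrecognised version: %r" % pkg_version)
    # Prefer the upstream component; fall back to the leading revision number.
    patch = m.group("in_upstream") or m.group("in_revision") or "0"
    return int(m.group("major")), int(m.group("minor")), int(patch)

def includes_fix(pkg_version):
    """True when the version is at or past patch 7.1.147."""
    return vim_patch_level(pkg_version) >= FIXED

def triage_report(report_text):
    """Find the Package: line and return (package, version, includes_fix)."""
    for line in report_text.splitlines():
        if line.startswith("Package:"):
            name, version = line.split(":", 1)[1].split()[:2]
            return name, version, includes_fix(version)
    raise ValueError("no Package: line in report")

# Fields copied from the report on this page.
SAMPLE_REPORT = """\
ProblemType: Crash
ExecutablePath: /usr/bin/vim.gnome
Package: vim-gnome 1:7.1-138+1ubuntu3
Signal: 11
"""

if __name__ == "__main__":
    print(triage_report(SAMPLE_REPORT))
```
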

Kees Cook (kees)
description: updated
Kees Cook (kees)
description: updated
Changed in vim (Ubuntu):
status: New → Opinion
Philip Muškovac (yofel) wrote :

Please don't change the status without explaining why you're doing so. Especially since Opinion counts as closing the bug, see https://wiki.ubuntu.com/Bugs/Status

Changed in vim (Ubuntu):
status: Opinion → New
PrebenR (randhol) wrote :

I get the same bug in Maverick Ubuntu. I removed vim-gnome and installed vim-gtk and the bug went away.

PrebenR (randhol) wrote :

Ignore my comment above. It also causes crashes. I anyhow only use the vim command in a shell.

Olivier Mengué (dolmen) wrote :

Cannot reproduce on Ubuntu Natty. Does it still apply?

Thomas Hotz (thotz-deactivatedaccount) wrote :

Is this still an issue for you? Which Ubuntu version do you use? Thank you for telling us!

Changed in vim (Ubuntu):
status: New → Incomplete
Dominique Pellé (dominique-pelle) wrote :

Thomas Hotz wrote:

> Is this still an issue for you?

As I wrote earlier, this issue has been fixed upstream on Oct 30 2007 in this version of Vim:

7.1.147 (after 7.1.127) freeing memory twice completing user name

That's about 5 years ago now.
I don't think any supported version of Ubuntu uses such an old version of Vim nowadays.
Please close this issue.

Thomas Hotz (thotz-deactivatedaccount) wrote :

Thank you for the clarification!

Changed in vim (Ubuntu):
status: Incomplete → Fix Released