Description of problem: vim SIGSEGVs while adding comments to C source file Version-Release number of selected component (if applicable): [philippe@victor ~]$ vim --version VIM - Vi IMproved 7.3 (2010 Aug 15, compiled Jun 18 2012 09:16:58) Included patches: 1-415, 417-556 Modified by <bugzilla> Compiled by <bugzilla> Huge version without GUI. Features included (+) or not (-): +arabic +autocmd -balloon_eval -browse ++builtin_terms +byte_offset +cindent -clientserver -clipboard +cmdline_compl +cmdline_hist +cmdline_info +comments +conceal +cryptv +cscope +cursorbind +cursorshape +dialog_con +diff +digraphs -dnd -ebcdic +emacs_tags +eval +ex_extra +extra_search +farsi +file_in_path +find_in_path +float +folding -footer +fork() +gettext -hangul_input +iconv +insert_expand +jumplist +keymap +langmap +libcall +linebreak +lispindent +listcmds +localmap -lua +menu +mksession +modify_fname +mouse -mouseshape +mouse_dec +mouse_gpm -mouse_jsbterm +mouse_netterm -mouse_sysmouse +mouse_xterm +mouse_urxvt +multi_byte +multi_lang -mzscheme +netbeans_intg +path_extra +perl +persistent_undo +postscript +printer +profile +python -python3 +quickfix +reltime +rightleft +ruby +scrollbind +signs +smartindent -sniff +startuptime +statusline -sun_workshop +syntax +tag_binary +tag_old_static -tag_any_white -tcl +terminfo +termresponse +textobjects +title -toolbar +user_commands +vertsplit +virtualedit +visual +visualextra +viminfo +vreplace +wildignore +wildmenu +windows +writebackup -X11 -xfontset -xim -xsmp -xterm_clipboard -xterm_save system vimrc file: "/etc/vimrc" user vimrc file: "$HOME/.vimrc" user exrc file: "$HOME/.exrc" fall-back for $VIM: "/etc" f-b for $VIMRUNTIME: "/usr/share/vim/vim73" Compilation: gcc -c -I. -Iproto -DHAVE_CONFIG_H -I/usr/local/include -O2 -g -pipe -Wall -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1 Linking: gcc -L. -Wl,-z,relro -rdynamic -Wl,-export-dynamic -Wl,--enable-new-dtags -Wl,-rpath,/usr/lib/perl5/CORE -Wl,-z,relro -L/usr/local/lib -Wl,--as-needed -o vim -lm -lnsl -lselinux -lncurses -lacl -lattr -lgpm -ldl -Wl,--enable-new-dtags -Wl,-rpath,/usr/lib/perl5/CORE -fstack-protector -L/usr/local/lib -L/usr/lib/perl5/CORE -lperl -lresolv -lnsl -ldl -lm -lcrypt -lutil -lpthread -lc -L/usr/lib/python2.7/config -lpython2.7 -lpthread -ldl -lutil -lm -Xlinker -export-dynamic -lruby -lpthread -lrt -ldl -lcrypt -lm How reproducible: Almost reproducible at will. Started recently with the Jun 29 04:05 yum update: May 17 04:37:27 Updated: 2:vim-filesystem-7.3.515-1.fc16.i686 May 17 04:37:35 Updated: 2:vim-common-7.3.515-1.fc16.i686 May 17 04:38:08 Updated: 2:vim-enhanced-7.3.515-1.fc16.i686 May 17 04:38:29 Updated: 2:vim-X11-7.3.515-1.fc16.i686 May 17 04:38:33 Updated: 2:vim-minimal-7.3.515-1.fc16.i686 Jun 29 03:57:28 Updated: 2:vim-filesystem-7.3.556-1.fc17.i686 Jun 29 03:59:44 Updated: 2:vim-common-7.3.556-1.fc17.i686 Jun 29 04:05:19 Updated: 2:vim-X11-7.3.556-1.fc17.i686 Jun 29 04:05:20 Updated: 2:vim-enhanced-7.3.556-1.fc17.i686 Jun 29 04:06:17 Updated: 2:vim-minimal-7.3.556-1.fc17.i686 Jul 17 18:31:42 Installed: 2:vim-debuginfo-7.3.556-1.fc17.i686 Steps to Reproduce: 1. vi a C source file. 2. Add C (not C++) style comments to your code. 3. Actual results: vim crash with a SIGSEGV: [philippe@victor C]$ gdb vim core.22968 GNU gdb (GDB) Fedora (7.4.50.20120120-49.fc17) Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i686-redhat-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/bin/vim...Reading symbols from /usr/lib/debug/usr/bin/vim.debug...done. done. [New LWP 22968] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/libthread_db.so.1". Core was generated by `vim imgid.c'. Program terminated with signal 6, Aborted. #0 0xb7774424 in __kernel_vsyscall () Missing separate debuginfos, use: debuginfo-install libattr-2.4.46-5.fc17.i686 libgcc-4.7.0-5.fc17.i686 nss-softokn-freebl-3.13.4-2.fc17.i686 (gdb) where #0 0xb7774424 in __kernel_vsyscall () #1 0x42dbac66 in kill () at ../sysdeps/unix/syscall-template.S:82 #2 0x08146da1 in may_core_dump () at os_unix.c:3166 #3 0x08148ae7 in may_core_dump () at os_unix.c:3163 #4 mch_exit (r=1) at os_unix.c:3132 #5 0x081c565e in getout (exitval=<optimized out>, exitval@entry=1) at main.c:1466 #6 0x08114550 in preserve_exit () at misc1.c:9053 #7 <signal handler called> #8 0xb7774424 in __kernel_vsyscall () #9 0x42dba95f in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #10 0x42dbc2b3 in __GI_abort () at abort.c:91 #11 0x42df87b5 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry= 0x42ef9074 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198 #12 0x42e00139 in malloc_printerr (ptr=0x84dcf70, str= 0x42ef9170 "free(): invalid next size (fast)", action=<optimized out>) at malloc.c:5027 #13 _int_free (av=0x42f36420, p=0x84dcf68, have_lock=0) at malloc.c:3948 #14 0x0810fac9 in open_line (dir=dir@entry=1, flags=2, second_line_indent=second_line_indent@entry=0) at misc1.c:1600 #15 0x0807e615 in ins_eol (c=<optimized out>) at edit.c:9812 ---Type <return> to continue, or q <return> to quit--- #16 ins_eol (c=<optimized out>) at edit.c:9763 #17 0x08086bc7 in edit (cmdchar=cmdchar@entry=105, startln=startln@entry=0, count=<optimized out>) at edit.c:1313 #18 0x08124b12 in invoke_edit (repl=repl@entry=0, cmd=105, startln=startln@entry=0, cap=0xbfdb098c, cap=0xbfdb098c) at normal.c:9143 #19 0x08127188 in nv_edit (cap=0xbfdb098c) at normal.c:9116 #20 nv_edit (cap=0xbfdb098c) at normal.c:9024 #21 0x0812ccc2 in normal_cmd (oap=oap@entry=0xbfdb0a10, toplevel=toplevel@entry=1) at normal.c:1193 #22 0x081c5e4c in main_loop (cmdwin=0, cmdwin@entry=138687048, noexmode=0, noexmode@entry=138687048) at main.c:1294 #23 0x0806942d in main (argc=2, argv=0xbfdb0c34) at main.c:998 So problem in vim's malloc.c source code. Expected results: No crash. C file buffer updated and file ready to be saved. Additional info:
My C comments style are: /* * Text. */ respecting the code identication.
[philippe@victor C]$ ls $HOME/.vimrc ls: cannot access /home/philippe/.vimrc: No such file or directory [philippe@victor C]$ ls $HOME/.exrc ls: cannot access /home/philippe/.exrc: No such file or directory
vim-7.3.638-2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/vim-7.3.638-2.fc17
Package vim-7.3.638-2.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing vim-7.3.638-2.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-12869/vim-7.3.638-2.fc17 then log in and leave karma (feedback).
Many thanks to Red Hat (meaning you) for his update. However, I can't remember facing any such reported issue with: [philippe@victor ~]$ sudo rpm -qa | grep vim vim-filesystem-7.3.556-1.fc17.i686 vim-X11-7.3.556-1.fc17.i686 vim-common-7.3.556-1.fc17.i686 vim-enhanced-7.3.556-1.fc17.i686 vim-minimal-7.3.556-1.fc17.i686 vim-vimoutliner-0.3.6-1.fc17.noarch Anyhow I shall try as soon as it is available on your mirrors the vim update package you propose me and let you know the outcome. Yours very truly, Philippe Vouters (Fontainebleau/France)
vim-7.3.638-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.