Out of memory error using function() in a Vim9 script


Yegappan Lakshmanan

Feb 20, 2022, 2:16:20 AM
to vim_dev
Hi,

The Vim9 LSP plugin (https://github.com/yegappan/lsp) has the
following line in the autoload/lsp/lspserver.vim file:

hover: function(Hover, [lspserver]),

If this line is changed to:

hover: function('Hover', [lspserver]),

then Vim crashes with the "E342: Out of memory! (allocating
18446744073709551608 bytes)" error.

This is because the func_type_add_arg_types() function is called with
argcount set to -1. The valgrind traceback is below:

==109472== Argument 'size' of function malloc has a fishy (possibly negative) value: -8
==109472== at 0x4843839: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==109472== by 0x13F453: lalloc (alloc.c:248)
==109472== by 0x13F35A: alloc_clear (alloc.c:177)
==109472== by 0x3D2273: func_type_add_arg_types (vim9type.c:308)
==109472== by 0x3D296B: typval2type_int (vim9type.c:466)
==109472== by 0x3D2B6D: typval2type (vim9type.c:518)
==109472== by 0x3D268A: typval2type_int (vim9type.c:404)
==109472== by 0x3D2B6D: typval2type (vim9type.c:518)
==109472== by 0x3D2D2A: check_typval_type (vim9type.c:585)
==109472== by 0x3BEF89: exec_instructions (vim9execute.c:4509)
==109472== by 0x3C13BE: call_def_function (vim9execute.c:5188)
==109472== by 0x39E4D8: call_user_func (userfunc.c:2575)

I am not able to come up with a small Vim9 script that reproduces this issue.

Regards,
Yegappan

Dominique Pellé

Feb 20, 2022, 3:16:03 AM
to vim_dev
Hi Yegappan,

valgrind truncates the stack to 12 calls by default.
Can you reproduce with "valgrind --num-callers=50 …"
to have a deeper stack?

Thanks
Dominique

Yegappan Lakshmanan

Feb 20, 2022, 10:04:37 AM
to vim_dev
Hi,
The valgrind traceback with "--num-callers=50" is below:

==109742== Argument 'size' of function malloc has a fishy (possibly negative) value: -8
==109742== at 0x4843839: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==109742== by 0x13F453: lalloc (alloc.c:248)
==109742== by 0x13F35A: alloc_clear (alloc.c:177)
==109742== by 0x3D2273: func_type_add_arg_types (vim9type.c:308)
==109742== by 0x3D296B: typval2type_int (vim9type.c:466)
==109742== by 0x3D2B6D: typval2type (vim9type.c:518)
==109742== by 0x3D268A: typval2type_int (vim9type.c:404)
==109742== by 0x3D2B6D: typval2type (vim9type.c:518)
==109742== by 0x3D2D2A: check_typval_type (vim9type.c:585)
==109742== by 0x3BEF89: exec_instructions (vim9execute.c:4509)
==109742== by 0x3C13BE: call_def_function (vim9execute.c:5188)
==109742== by 0x39E4D8: call_user_func (userfunc.c:2575)
==109742== by 0x39F72A: call_user_func_check (userfunc.c:2974)
==109742== by 0x3A07E1: call_func (userfunc.c:3540)
==109742== by 0x39CBAB: get_func_tv (userfunc.c:1782)
==109742== by 0x3A4F00: ex_call (userfunc.c:5412)
==109742== by 0x1D22E1: do_one_cmd (ex_docmd.c:2567)
==109742== by 0x1CF327: do_cmdline (ex_docmd.c:993)
==109742== by 0x309B01: do_source (scriptfile.c:1516)
==109742== by 0x422C86: source_startup_scripts (main.c:3189)
==109742== by 0x41EE1A: main (main.c:412)

Regards,
Yegappan

Bram Moolenaar

Feb 20, 2022, 11:48:55 AM
to vim...@googlegroups.com, Yegappan Lakshmanan
What is the smallest script to reproduce this problem?
The quoted line is missing context.

--
If your nose runs, and your feet smell, you might be upside down.

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///

Yegappan Lakshmanan

Feb 21, 2022, 1:30:29 AM
to Bram Moolenaar, vim_dev
Hi Bram,

On Sun, Feb 20, 2022 at 8:48 AM Bram Moolenaar <Br...@moolenaar.net> wrote:
>
> Yegappan wrote:
>
> > > > The Vim9 LSP plugin (https://github.com/yegappan/lsp) has the
> > > > following line in the autoload/lsp/lspserver.vim file:
> > > >
> > > > hover: function(Hover, [lspserver]),
> > > >
> > > > If this line is changed to:
> > > >
> > > > hover: function('Hover', [lspserver]),
> > > >
> > > > then Vim crashes with the "E342: Out of memory! (allocating
> > > > 18446744073709551608 bytes)" error.
> > > >
>
> What is the smallest script to reproduce this problem?
> The quoted line is missing context.
>

I am able to reproduce this crash with the following two minimal scripts.

------------------------ x.vim ------------------------------
vim9script

import './y.vim' as server

export def Hover()
enddef

def AddServer()
  var d: dict<any> = server.NewLspServer()
enddef
AddServer()
---------------------------------------------------------------

------------------------ y.vim ------------------------------
vim9script

def Hover(d: dict<any>): void
enddef

export def NewLspServer(): dict<any>
  var d: dict<any> = {}
  d->extend({hover: function('Hover', [d])})
  return d
enddef

NewLspServer()
---------------------------------------------------------------

With the above two x.vim and y.vim scripts, if you source x.vim,
then Vim crashes.

Regards,
Yegappan

Bram Moolenaar

Feb 21, 2022, 6:51:16 AM
to vim...@googlegroups.com, Yegappan Lakshmanan
Thanks. It somehow finds the wrong Hover() function, the one that has
no arguments while the partial expects at least one argument. It then
ends up with a negative argument count.

--
hundred-and-one symptoms of being an internet addict:
90. Instead of calling you to dinner, your spouse sends e-mail.
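
The arithmetic behind the E342 message in this thread, modeled in C as an added example that is not Vim's source and not part of any post above. The function names are hypothetical, and the element size is assumed to be one pointer, which matches the -8 valgrind reports on amd64.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not Vim source: a partial that binds `bound` arguments
 * to a function declaring `declared` parameters leaves this many arguments. */
static int remaining_args(int declared, int bound)
{
    return declared - bound;
}

/* Unchecked size: the cast spells out the conversion C applies implicitly
 * when an int is multiplied by a size_t, so -1 becomes SIZE_MAX. */
static size_t arg_types_size_unchecked(int argcount)
{
    return sizeof(void *) * (size_t)argcount;
}

/* Checked size: rejects a negative count and a product that would wrap.
 * Returns 0 and stores the size in *out on success, -1 otherwise. */
static int arg_types_size_checked(int argcount, size_t *out)
{
    if (argcount < 0)
        return -1;
    if ((size_t)argcount > SIZE_MAX / sizeof(void *))
        return -1;
    *out = sizeof(void *) * (size_t)argcount;
    return 0;
}

int main(void)
{
    /* Constructed case from the thread: Hover() with no parameters is
     * resolved while the partial carries one bound argument. */
    int argcount = remaining_args(0, 1);
    size_t size = 0;

    printf("argcount = %d\n", argcount);
    printf("unchecked size = %zu bytes\n", arg_types_size_unchecked(argcount));
    if (arg_types_size_checked(argcount, &size) != 0)
        printf("checked: rejected argcount %d before allocating\n", argcount);
    return 0;
}
```

On a 64-bit build the unchecked size prints as 18446744073709551608, the value quoted in the E342 error.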