The return value from channel_first_nl() should be checked before use in channel.c

2017-02-26 Thread shqking
Null value check is needed in channel.c file. The vulnerable code is at https://github.com/vim/vim/blob/master/src/channel.c#L3311 . Function channel_first_nl() might return NULL. Therefore, we should check whether nl is NULL or not before using it at line 3322.

Re: Null pointer dereference vulnerability in src/undo.c

2017-02-26 Thread shqking
On Monday, February 27, 2017 at 1:30:41 AM UTC+8, Bram Moolenaar wrote: > shqking wrote: > > > One null pointer dereference vulnerability is found in src/undo.c > > (https://github.com/vim/vim/blob/master/src/undo.c) > > > > The code snippet is as follows. > > > > 1383 static u_entry_T * > >

Re: Patch 8.0.0375

2017-02-26 Thread h_east
Hi Bram, 2017-2-26(Sun) 23:09:12 UTC+9 Bram Moolenaar: > Patch 8.0.0375 > Problem: The "+ register is not tested. > Solution: Add a test using another Vim instance to change the "+ register. > (Kazuki Kuriyama) > Files: src/testdir/test_gui.vim [...] You are mistaking the

Patch 8.0.0381

2017-02-26 Thread Bram Moolenaar
Patch 8.0.0381 Problem: Diff mode is not sufficiently tested. Solution: Add more diff mode tests. (Dominique Pelle, closes #1515) Files: src/testdir/test_diffmode.vim *** ../vim-8.0.0380/src/testdir/test_diffmode.vim 2017-02-03 23:16:24.349040487 +0100 ---

Re: Patch 8.0.0380

2017-02-26 Thread Tony Mechelynck
On Sun, Feb 26, 2017 at 7:41 PM, Bram Moolenaar wrote: > > Patch 8.0.0380 > Problem: With 'linebreak' set and 'breakat' includes ">" a double-wide > character results in "<<" displayed. > Solution: Check for the character not to be replaced. (Ozaki Kiichi, >

Patch 8.0.0380

2017-02-26 Thread Bram Moolenaar
Patch 8.0.0380 Problem: With 'linebreak' set and 'breakat' includes ">" a double-wide character results in "<<" displayed. Solution: Check for the character not to be replaced. (Ozaki Kiichi, closes #1456) Files: src/screen.c, src/testdir/test_listlbr_utf8.vim

Patch 8.0.0379

2017-02-26 Thread Bram Moolenaar
Patch 8.0.0379 Problem: CTRL-Z and mouse click use CTRL-O unnecessary. Solution: Remove stuffing CTRL-O. (James McCoy, closes #1453) Files: src/edit.c, src/normal.c *** ../vim-8.0.0378/src/edit.c 2017-02-25 14:59:29.902090452 +0100 --- src/edit.c 2017-02-26 18:57:40.030814080 +0100

Re: Null pointer dereference vulnerability in src/undo.c

2017-02-26 Thread Bram Moolenaar
shqking wrote: > One null pointer dereference vulnerability is found in src/undo.c > (https://github.com/vim/vim/blob/master/src/undo.c) > > The code snippet is as follows. > > 1383 static u_entry_T * > 1384 unserialize_uep(bufinfo_T *bi, int *error, char_u *file_name) > 1385 { > ...

Patch 8.0.0378

2017-02-26 Thread Bram Moolenaar
Patch 8.0.0378 Problem: Another possible overflow when reading corrupted undo file. Solution: Check if allocated size is not too big. (King) Files: src/undo.c *** ../vim-8.0.0377/src/undo.c 2017-02-26 18:11:32.741651768 +0100 --- src/undo.c 2017-02-26 18:15:58.615822683 +0100

Patch 8.0.0377

2017-02-26 Thread Bram Moolenaar
Patch 8.0.0377 Problem: Possible overflow when reading corrupted undo file. Solution: Check if allocated size is not too big. (King) Files: src/undo.c *** ../vim-8.0.0376/src/undo.c 2017-01-17 22:09:41.310252893 +0100 --- src/undo.c 2017-02-26 18:10:43.165993259 +0100

Weird memory leak, possible compiler bug

2017-02-26 Thread Bram Moolenaar
I noticed that when running test97 under valgrind a memory leak is reported: ==6523== 11 bytes in 1 blocks are possibly lost in loss record 114 of 720 ==6523==    at 0x4C2CB3F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==6523==    by 0x255A29: lalloc (misc2.c:942) ==6523==

Patch 8.0.0376

2017-02-26 Thread Bram Moolenaar
Patch 8.0.0376 Problem: Size computations in spell file reading are not exactly right. Solution: Make "len" a "long" and check with LONG_MAX. Files: src/spellfile.c *** ../vim-8.0.0375/src/spellfile.c 2017-02-09 21:07:07.040797650 +0100 --- src/spellfile.c 2017-02-26

Re: [patch] quoteplus register test

2017-02-26 Thread Bram Moolenaar
Kazunobu Kuriyama wrote: > Attached is a patch to add a test on the quoteplus register to test_gui. > > The test launches another gvim instance to see if each of the two quoteplus > registers work properly with the other via the X11 clipboard. Thanks. We need to get $VIMRUNTIME and the

Patch 8.0.0375

2017-02-26 Thread Bram Moolenaar
Patch 8.0.0375 Problem: The "+ register is not tested. Solution: Add a test using another Vim instance to change the "+ register. (Kazuki Kuriyama) Files: src/testdir/test_gui.vim *** ../vim-8.0.0374/src/testdir/test_gui.vim 2017-02-23 19:32:18.068709554 +0100 ---

Re: [bug] invalid memory access in substitute with confirm flag in silent mode

2017-02-26 Thread Bram Moolenaar
Dominique Pellé wrote: > afl-fuzz found another invalid memory access in > vim-8.0.373 and older: > > $ valgrind vim -u NONE -e -s -c's/^/x' -csc 2>log > > And log contains: > > ==5629== Memcheck, a memory error detector > ==5629== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et

Patch 8.0.0374

2017-02-26 Thread Bram Moolenaar
Patch 8.0.0374 Problem: Invalid memory access when using :sc in Ex mode. (Dominique Pelle) Solution: Avoid the column being negative. Also fix a hang in Ex mode. Files: src/ex_getln.c, src/ex_cmds.c, src/testdir/test_substitute.vim *** ../vim-8.0.0373/src/ex_getln.c 2017-02-23

[patch] quoteplus register test

2017-02-26 Thread Kazunobu Kuriyama
Hi, Attached is a patch to add a test on the quoteplus register to test_gui. The test launches another gvim instance to see if each of the two quoteplus registers work properly with the other via the X11 clipboard. Best regards, Kazunobu Kuriyama