Hi,

Valgrind memory checker detects the following bug in
vim-7.1 (patches 1-68) on Linux x86.

==7405== Conditional jump or move depends on uninitialised value(s)
==7405==    at 0x8152C76: spell_move_to (spell.c:2150)
==7405==    by 0x813DC28: win_line (screen.c:3040)
==7405==    by 0x813BC14: win_update (screen.c:1760)
==7405==    by 0x813A022: update_screen (screen.c:522)
==7405==    by 0x80CD213: main_loop (main.c:1109)
==7405==    by 0x80CCF62: main (main.c:939)
==7405==
==7405== Conditional jump or move depends on uninitialised value(s)
==7405==    at 0x8152C8D: spell_move_to (spell.c:2157)
==7405==    by 0x813DC28: win_line (screen.c:3040)
==7405==    by 0x813BC14: win_update (screen.c:1760)
==7405==    by 0x813A022: update_screen (screen.c:522)
==7405==    by 0x80CD213: main_loop (main.c:1109)
==7405==    by 0x80CCF62: main (main.c:939)

Looking at the code, the 'can_spell' variable is meant to be initialized
at line spell.c:2148 and then used at lines spell.c:2150 and
spell.c:2157:

spell.c:
     2144 # ifdef FEAT_SYN_HL
     2145            if (has_syntax)
     2146            {
     2147                col = (int)(p - buf);
INIT 2148                (void)syn_get_id(wp, lnum, (colnr_T)col,
     2149                                          FALSE, &can_spell);
USE  2150                if (!can_spell)
     2151                   attr = HLF_COUNT;
     2152            }
     2153            else
     2154 #endif
     2155                can_spell = TRUE;
     2156
USE  2157            if (can_spell)
     2158            {

However, there are several paths inside syn_get_id()->get_syntax_attr()
where 'can_spell' may not be initialized (which does happen in practice,
since valgrind detects it).

The bug happens with syntax highlighting + spelling checker on a C file.
I can reproduce it 100% of the time by doing something a bit silly
(but that's often how we find bugs): visual select all lines of a
C file, use the J command to join all lines (then valgrind detects the bug).

I attach a patch which ensures default initialization of 'can_spell'
variable.

-- Dominique

--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
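The pattern behind this report, an out-parameter that some paths of the callee never store through, is easy to reproduce outside of vim. The following is an added example, not code from the report or from vim: `classify_unsafe()` is a hypothetical stand-in for `get_syntax_attr()` with two early returns that leave `*can_spell` untouched, `classify_safe()` applies the same fix the attached patch makes (default the flag before any return, guarding a NULL pointer), and `leaves_unwritten()` poisons the flag with a sentinel before the call so the unwritten paths can be counted deterministically, which is a cheap stand-in for the validity tracking valgrind performs. The token set is constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sentinel stored into the out-parameter before each call.  Any path that
 * returns without writing through the pointer leaves it in place. */
#define UNWRITTEN (-12345)

/* Hypothetical stand-in for get_syntax_attr(): classify a token and report
 * through *can_spell whether its text should be spell-checked.  Two of the
 * four paths return without touching *can_spell, mirroring the report. */
static int classify_unsafe(const char *tok, int *can_spell)
{
    if (tok == NULL || tok[0] == '\0')
        return 0;                       /* early out: *can_spell untouched */
    if (strncmp(tok, "//", 2) == 0) {   /* comment text: spell-check it */
        if (can_spell != NULL)
            *can_spell = 1;
        return 2;
    }
    if (tok[0] == '#') {                /* preprocessor line: never spelled */
        if (can_spell != NULL)
            *can_spell = 0;
        return 1;
    }
    return 0;                           /* plain code: *can_spell untouched */
}

/* Same logic with the fix from the patch: establish a default before any
 * return can happen, guarding the pointer because callers may pass NULL. */
static int classify_safe(const char *tok, int *can_spell)
{
    if (can_spell != NULL)
        *can_spell = 0;                 /* default value */
    return classify_unsafe(tok, can_spell);
}

/* Probe: returns 1 if classify() left the out-parameter unwritten for tok,
 * i.e. a caller testing "if (can_spell)" would branch on garbage. */
static int leaves_unwritten(int (*classify)(const char *, int *),
                            const char *tok)
{
    int can_spell = UNWRITTEN;
    (void)classify(tok, &can_spell);
    return can_spell == UNWRITTEN;
}

/* Count, over a constructed set of tokens, how many calls would feed an
 * unwritten flag into the caller's branch. */
static int count_unwritten(int (*classify)(const char *, int *))
{
    static const char *const toks[] = { "", "// comment", "#include", "int x;" };
    int n = 0;
    for (size_t i = 0; i < sizeof toks / sizeof toks[0]; i++)
        n += leaves_unwritten(classify, toks[i]);
    return n;
}

int main(void)
{
    printf("unpatched: %d of 4 paths leave can_spell unwritten\n",
           count_unwritten(classify_unsafe));
    printf("patched:   %d of 4 paths leave can_spell unwritten\n",
           count_unwritten(classify_safe));
    return 0;
}
```

The sentinel probe only catches paths the test inputs exercise; valgrind's advantage is that it flags the first conditional jump on the uninitialized value on any path actually taken, which is how the report found the `spell_move_to` reads without knowing the callee's control flow.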

Index: syntax.c
===================================================================
RCS file: /cvsroot/vim/vim7/src/syntax.c,v
retrieving revision 1.70
diff -c -r1.70 syntax.c
*** syntax.c    26 Jul 2007 20:58:19 -0000      1.70
--- syntax.c    12 Aug 2007 17:02:55 -0000
***************
*** 1727,1732 ****
--- 1727,1735 ----
  {
      int           attr = 0;
  
+     if (can_spell != NULL) 
+         *can_spell = FALSE; /* default value */
+ 
      /* check for out of memory situation */
      if (syn_buf->b_sst_array == NULL)
        return 0;
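Review bot: the new default is stored before the `syn_buf->b_sst_array == NULL` out-of-memory return, so that path now reports FALSE and the caller at spell.c:2150 sets `attr = HLF_COUNT` and skips spelling for the line, whereas the non-syntax branch at spell.c:2155 defaults to TRUE; FALSE is the conservative choice for an error path, but the `/* default value */` comment should say that it intentionally differs from the non-syntax default so a later reader does not "fix" it. Also, the added `if (can_spell != NULL) ` line carries trailing whitespace.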
