Hi
I see the following error with Valgrind in Vim-7.3a BETA (c81f0a037059)
when doing :wundo foo and when file foo already exists and has size 0:
==4957== Conditional jump or move depends on uninitialised value(s)
==4957== at 0x81BCB49: u_write_undo (undo.c:1293)
==4957== by 0x80AFBE6: ex_wundo (ex_docmd.c:8471)
==4957== by 0x80A70DC: do_one_cmd (ex_docmd.c:2639)
==4957== by 0x80A49B5: do_cmdline (ex_docmd.c:1108)
==4957== by 0x812A219: nv_colon (normal.c:5226)
==4957== by 0x8123AA3: normal_cmd (normal.c:1188)
==4957== by 0x80E71DC: main_loop (main.c:1216)
==4957== by 0x80E6CD3: main (main.c:960)
==4957== Uninitialised value was created by a stack allocation
==4957== at 0x81BC9F2: u_write_undo (undo.c:1226)
undo.c:
1289     char_u buf[2];
1290
1291     vim_read(fd, buf, 2);
1292     close(fd);
1293     if ((buf[0] << 8) + buf[1] != UF_START_MAGIC)
1294     {
1295         if (name != NULL || p_verbose > 0)
1296             smsg((char_u *)_("Will not overwrite, this is not an undo file: %s"),
1297                 file_name);
1298         goto theend;
1299     }
Code did not check whether vim_read() succeeds at line undo.c:1291.
Attached patch fixes it.
-- Dominique
diff -r c81f0a037059 src/undo.c
--- a/src/undo.c Mon May 24 22:06:04 2010 +0200
+++ b/src/undo.c Mon May 24 23:41:39 2010 +0200
@@ -1286,11 +1286,12 @@
}
else
{
- char_u buf[2];
+ char_u buf[2];
+ int len;
- vim_read(fd, buf, 2);
+ len = vim_read(fd, buf, 2);
close(fd);
- if ((buf[0] << 8) + buf[1] != UF_START_MAGIC)
+ if (len < 2 || (buf[0] << 8) + buf[1] != UF_START_MAGIC)
{
if (name != NULL || p_verbose > 0)
smsg((char_u *)_("Will not overwrite, this is not an undo file: %s"),
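Review bot: In the new test `len < 2 || ...`, every short result from vim_read() ends in the same "Will not overwrite, this is not an undo file" message, whether the file is empty, holds one byte, or the read itself failed. Checking len first is the right order, since buf is no longer examined unless both bytes were read, but a read failure reported that way would mislead the user; consider handling an error return separately from a short file. Two smaller points: the `char_u buf[2];` remove/add pair looks like a whitespace-only realignment that adds noise to the diff, and the literal 2 now appears in the declaration, the vim_read() call and the length test, so using `sizeof(buf)` in the last two would keep them in step.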