Hi
I can reproduce a crash "Floating point exception"
in Vim-7.3a (2245:1bac28a53fae) as follows:
$ cd /tmp
$ echo "set cryptmethod=1 undodir=/tmp undofile" > vimrc
$ rm -f foo .foo*
$ vim --noplugin -u vimrc -c 'call
feedkeys("ifoo\<esc>:X\<cr>foo\<cr>foo\<cr>:wq\<cr>")' foo
$ echo foo > foo
# Now file "foo" is non-encrypted but its undo file /tmp/%tmp%foo is encrypted.
# This causes a floating point exception when loading the undo file.
$ vim --noplugin -u vimrc foo
foo" 1L, 4CFloating point exception
Valgrind gives the following error:
==6971== Process terminating with default action of signal 8 (SIGFPE)
==6971== Integer divide by zero at address 0x68C9A945
==6971== at 0x805CDEE: bf_key_init (blowfish.c:428)
==6971== by 0x80C6315: prepare_crypt_read (fileio.c:2955)
==6971== by 0x81BF621: u_read_undo (undo.c:1506)
==6971== by 0x80C5AC3: readfile (fileio.c:2590)
==6971== by 0x80539C6: open_buffer (buffer.c:132)
==6971== by 0x80EA049: create_windows (main.c:2545)
==6971== by 0x80E7B03: main (main.c:804)
blowfish.c:
405 void
406 bf_key_init(password)
407 char_u *password;
408 {
409 int i, j, keypos = 0;
410 UINT32_T val, data_l, data_r;
411 char_u *key;
412 int keylen;
413
414 key = sha256_key(password);
415 keylen = (int)STRLEN(key);
416 for (i = 0; i < 256; ++i)
417 {
418 sbx[0][i] = sbi[0][i];
419 sbx[1][i] = sbi[1][i];
420 sbx[2][i] = sbi[2][i];
421 sbx[3][i] = sbi[3][i];
422 }
423
424 for (i = 0; i < 18; ++i)
425 {
426 val = 0;
427 for (j = 0; j < 4; ++j)
!!428 val = (val << 8) | key[keypos++ % keylen];
429 pax[i] = ipa[i] ^ val;
430 }
keylen is 0 here, so the modulo in `keypos++ % keylen` at line 428 is a division by zero.
Attached patch fixes it.
Cheers
-- Dominique
diff -r 1bac28a53fae src/undo.c
--- a/src/undo.c Sat Jun 05 23:22:07 2010 +0200
+++ b/src/undo.c Sun Jun 06 01:13:09 2010 +0200
@@ -1503,6 +1503,12 @@
if (version == UF_VERSION_CRYPT)
{
#ifdef FEAT_CRYPT
+ if (curbuf->b_p_key == NULL || curbuf->b_p_key[0] == NUL)
+ {
+ EMSG2(_("E000: Non-encrypted file has encrypted undo file: %s"),
+ file_name);
+ goto error;
+ }
if (prepare_crypt_read(fp) == FAIL)
{
EMSG2(_("E826: Undo file decryption failed: %s"), file_name);
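Review bot: The new check on `curbuf->b_p_key` protects only this call site; the `key[keypos++ % keylen]` expression quoted from blowfish.c in the report still divides by zero when the derived key is empty, so a defensive `keylen == 0` guard in bf_key_init() would presumably also cover any other path into prepare_crypt_read(). The version marker that selects this branch is read from the undo file on disk, and the reproduction keeps undodir in /tmp, so the check deserves a comment such as `/* Undo file claims encryption but the buffer has no key: refuse it instead of initialising the cipher with an empty key. */`. `E000` looks like a placeholder and needs a real, unused error number before this is merged. The enclosing function and the `error` label are outside the hunk, so the cleanup done on that path cannot be checked from here.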