Re: [patch] fixed "Floating point exception" in Vim-7.3a

[Bram Moolenaar]

Dominique Pelle wrote:

> I can reproduce a crash "Floating point exception"
> in Vim-7.3a (2245:1bac28a53fae) as follows:
> 
> $ cd /tmp
> $ echo "set cryptmethod=1 undodir=/tmp undofile" > vimrc
> $ rm -f foo .foo*
> $ vim --noplugin -u vimrc -c 'call
> feedkeys("ifoo\<esc>:X\<cr>foo\<cr>foo\<cr>:wq\<cr>")' foo
> $ echo foo > foo
> 
> # Now file "foo" is non-encrypted but its undo file /tmp/%tmp%foo is 
> encrypted.
> # This causes a floating point exception when loading the undo file.
> 
> $ vim --noplugin -u vimrc foo
> foo" 1L, 4CFloating point exception
> 
> Valgrind gives the following error:
> 
> ==6971== Process terminating with default action of signal 8 (SIGFPE)
> ==6971==  Integer divide by zero at address 0x68C9A945
> ==6971==    at 0x805CDEE: bf_key_init (blowfish.c:428)
> ==6971==    by 0x80C6315: prepare_crypt_read (fileio.c:2955)
> ==6971==    by 0x81BF621: u_read_undo (undo.c:1506)
> ==6971==    by 0x80C5AC3: readfile (fileio.c:2590)
> ==6971==    by 0x80539C6: open_buffer (buffer.c:132)
> ==6971==    by 0x80EA049: create_windows (main.c:2545)
> ==6971==    by 0x80E7B03: main (main.c:804)
> 
> blowfish.c:
> 
>   405     void
>   406 bf_key_init(password)
>   407     char_u *password;
>   408 {
>   409     int      i, j, keypos = 0;
>   410     UINT32_T val, data_l, data_r;
>   411     char_u   *key;
>   412     int      keylen;
>   413
>   414     key = sha256_key(password);
>   415     keylen = (int)STRLEN(key);
>   416     for (i = 0; i < 256; ++i)
>   417     {
>   418         sbx[0][i] = sbi[0][i];
>   419         sbx[1][i] = sbi[1][i];
>   420         sbx[2][i] = sbi[2][i];
>   421         sbx[3][i] = sbi[3][i];
>   422     }
>   423
>   424     for (i = 0; i < 18; ++i)
>   425     {
>   426         val = 0;
>   427         for (j = 0; j < 4; ++j)
> !!428             val = (val << 8) | key[keypos++ % keylen];
>   429         pax[i] = ipa[i] ^ val;
>   430     }
> 
> keylen is 0 so division by 0 happens at line 428.
> 
> Attached patch fixes it.

Thanks.  I'll also add a check in bf_key_init() for an empty key, it's
better to give an error message than crashing.

-- 
hundred-and-one symptoms of being an internet addict:
165. You have a web page burned into your glasses

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php