[patch] fixed uninitialized memory access + leak in ml_recover()

Sun, 25 Jul 2010 04:22:24 -0700 

Hi

Latest Vim-7.3b BETA (2401:f380d5227fad) accesses uninitialized memory
when doing this:

1) In a terminal, start vim with:
   $ vim -u NONE /tmp/foo
   (this creates a swap file /tmp/.foo.swp)

2) In another terminal, start vim with:
   $ valgrind vim -u NONE /tmp/foo 2> /tmp/vg.log

3) Vim asks...

   Swap file "/tmp/.foo.swp" already exists!
   [O]pen Read-Only, (E)dit anyway, (R)ecover, (Q)uit, (A)bort:

   Type  R  to recover

4) Observe in /tmp/vg.log the following error:

==7569== Conditional jump or move depends on uninitialised value(s)
==7569==    at 0x81347CF: free_string_option (option.c:5316)
==7569==    by 0x8110BC7: set_crypt_method (misc2.c:3785)
==7569==    by 0x80F5DA3: ml_recover (memline.c:1259)
==7569==    by 0x805BBA1: handle_swap_exists (buffer.c:789)
==7569==    by 0x80E7F30: create_windows (main.c:2615)
==7569==    by 0x80E8E63: main (main.c:808)
==7569==
==7569== Conditional jump or move depends on uninitialised value(s)
==7569==    at 0x810FB5B: vim_free (misc2.c:1694)
==7569==    by 0x8110BC7: set_crypt_method (misc2.c:3785)
==7569==    by 0x80F5DA3: ml_recover (memline.c:1259)
==7569==    by 0x805BBA1: handle_swap_exists (buffer.c:789)
==7569==    by 0x80E7F30: create_windows (main.c:2615)
==7569==    by 0x80E8E63: main (main.c:808)

There is also a memory leak:

==14358== 9 bytes in 1 blocks are definitely lost in loss record 21 of 117
==14358==    at 0x4024F70: malloc (vg_replace_malloc.c:236)
==14358==    by 0x8110B37: lalloc (misc2.c:919)
==14358==    by 0x8110DE8: alloc (misc2.c:818)
==14358==    by 0x81114F4: vim_strsave (misc2.c:1236)
==14358==    by 0x81115B0: set_crypt_method (misc2.c:3786)
==14358==    by 0x80F6423: ml_recover (memline.c:1259)
==14358==    by 0x805BC61: handle_swap_exists (buffer.c:789)
==14358==    by 0x80E8560: create_windows (main.c:2615)
==14358==    by 0x80E9493: main (main.c:808)

Vim-7.2.446 is not affected.  I did a bisection and I see that
bug started to appear in in this changeset:

changeset:   2359:d8e4b27cef80
branch:      vim73
user:        Bram Moolenaar <[email protected]>
date:        Tue Jul 20 17:32:38 2010 +0200
summary:     Change 'cryptmethod' from a number to a string option.  Make it glo
bal-local.

Attached patch fixes it.

-- Dominique

-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

Raspunde prin e-mail lui