Hi

Vim-7.3d (2467:7f578da7edb2) accesses uninitialized memory when
encrypting an empty buffer with cryptmethod=blowfish:

  $ valgrind --num-callers=50 --track-origins=yes --log-file=/tmp/vg.log \
      vim -u NONE -N -c 'set cm=blowfish' \
      -c 'call feedkeys(":X\<CR>foo\<CR>foo\<CR>:sav! /tmp/foo\<CR>")'

... and /tmp/vg.log contains:

==6126== Use of uninitialised value of size 4
==6126==    at 0x805C630: bf_e_block (blowfish.c:340)
==6126==    by 0x805CCAB: bf_e_cblock (blowfish.c:385)
==6126==    by 0x805D20E: bf_crypt_encode (blowfish.c:611)
==6126==    by 0x811AFC9: crypt_encode (misc2.c:3868)
==6126==    by 0x80FDFFB: ml_encrypt_data (memline.c:4849)
==6126==    by 0x80F6422: mf_write_block (memfile.c:1165)
==6126==    by 0x80F632D: mf_write (memfile.c:1121)
==6126==    by 0x80F59A4: mf_sync (memfile.c:599)
==6126==    by 0x80FA11D: ml_preserve (memline.c:2330)
==6126==    by 0x80C8919: buf_write (fileio.c:4160)
==6126==    by 0x809832D: do_write (ex_cmds.c:2706)
==6126==    by 0x8097DF0: ex_write (ex_cmds.c:2519)
==6126==    by 0x80A85C8: do_one_cmd (ex_docmd.c:2656)
==6126==    by 0x80A5EA1: do_cmdline (ex_docmd.c:1122)
==6126==    by 0x812E54B: nv_colon (normal.c:5319)
==6126==    by 0x8127BE7: normal_cmd (normal.c:1190)
==6126==    by 0x80E8ECF: main_loop (main.c:1260)
==6126==    by 0x80E8904: main (main.c:965)
==6126==  Uninitialised value was created by a heap allocation
==6126==    at 0x4024F70: malloc (vg_replace_malloc.c:236)
==6126==    by 0x8117E4E: lalloc (misc2.c:920)
==6126==    by 0x8117D3E: alloc (misc2.c:818)
==6126==    by 0x80F4F79: mf_open (memfile.c:133)
==6126==    by 0x80F68D7: ml_open (memline.c:311)
==6126==    by 0x8053830: open_buffer (buffer.c:93)
==6126==    by 0x80EABB0: create_windows (main.c:2597)
==6126==    by 0x80E8598: main (main.c:809)

(and more errors after that)

It happens with 'cm=blowfish' but not with 'cm=zip'.
I have not found the fix yet.

Regards
-- Dominique

--
You received this message from the "vim_dev" maillist.