home_replace() calls vim_strchr() on the result of mch_getenv("HOME")
without checking for a NULL value. If $HOME is unset, this causes a segfault
reproducible with 'env -i src/vim /etc/passwd'. (Introduced in v7-3-559.)Fix by guarding vim_strstr(homedir_env, ...) with homedir_env != NULL. Signed-off-by: Chris Webb <[email protected]> --- src/misc1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/misc1.c b/src/misc1.c index 99881dc..579c9da 100644 --- a/src/misc1.c +++ b/src/misc1.c @@ -4497,7 +4497,7 @@ home_replace(buf, src, dst, dstlen, one) homedir_env_orig = homedir_env = mch_getenv((char_u *)"HOME"); #endif #if defined(FEAT_MODIFY_FNAME) || defined(WIN3264) - if (vim_strchr(homedir_env, '~') != NULL) + if (homedir_env != NULL && vim_strchr(homedir_env, '~') != NULL) { int usedlen = 0; int flen; -- 1.7.10 -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php
