Hi

test3 gives these valgrind errors:

==14603== Memcheck, a memory error detector
==14603== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==14603== Using Valgrind-3.9.0.SVN and LibVEX; rerun with -h for copyright info
==14603== Command: ../vim -u unix.vim -U NONE --noplugin -s dotest.in test3.in
==14603==
==14603== Invalid read of size 1
==14603==    at 0x516CA0: cin_skipcomment (misc1.c:5428)
==14603==    by 0x518846: cin_has_js_key (misc1.c:5522)
==14603==    by 0x5146EC: get_c_indent (misc1.c:7588)
==14603==    by 0x54AEE8: op_reindent (ops.c:704)
==14603==    by 0x539DD7: do_pending_operator (normal.c:1993)
==14603==    by 0x537709: normal_cmd (normal.c:1189)
==14603==    by 0x673358: main_loop (main.c:1326)
==14603==    by 0x66F50F: main (main.c:1026)
==14603==  Address 0xe89ba22 is 0 bytes after a block of size 2 alloc'd
==14603==    at 0x4C2A45D: malloc (vg_replace_malloc.c:291)
==14603==    by 0x51F000: lalloc (misc2.c:921)
==14603==    by 0x51EF97: alloc (misc2.c:820)
==14603==    by 0x51F6C7: vim_strsave (misc2.c:1245)
==14603==    by 0x513058: get_c_indent (misc1.c:7047)
==14603==    by 0x54AEE8: op_reindent (ops.c:704)
==14603==    by 0x539DD7: do_pending_operator (normal.c:1993)
==14603==    by 0x537709: normal_cmd (normal.c:1189)
==14603==    by 0x673358: main_loop (main.c:1326)
==14603==    by 0x66F50F: main (main.c:1026)
==14603==
==14603== Invalid read of size 1
==14603==    at 0x518851: cin_has_js_key (misc1.c:5525)
==14603==    by 0x5146EC: get_c_indent (misc1.c:7588)
==14603==    by 0x54AEE8: op_reindent (ops.c:704)
==14603==    by 0x539DD7: do_pending_operator (normal.c:1993)
==14603==    by 0x537709: normal_cmd (normal.c:1189)
==14603==    by 0x673358: main_loop (main.c:1326)
==14603==    by 0x66F50F: main (main.c:1026)
==14603==  Address 0xe89ba22 is 0 bytes after a block of size 2 alloc'd
==14603==    at 0x4C2A45D: malloc (vg_replace_malloc.c:291)
==14603==    by 0x51F000: lalloc (misc2.c:921)
==14603==    by 0x51EF97: alloc (misc2.c:820)
==14603==    by 0x51F6C7: vim_strsave (misc2.c:1245)
==14603==    by 0x513058: get_c_indent (misc1.c:7047)
==14603==    by 0x54AEE8: op_reindent (ops.c:704)
==14603==    by 0x539DD7: do_pending_operator (normal.c:1993)
==14603==    by 0x537709: normal_cmd (normal.c:1189)
==14603==    by 0x673358: main_loop (main.c:1326)
==14603==    by 0x66F50F: main (main.c:1026)

misc1.c:

 5501     static int
 5502 cin_has_js_key(text)
 5503     char_u *text;
 5504 {
  ....
 5517     while (vim_isIDc(*s))
 5518         ++s;
 5519     if (*s == quote)
 5520         ++s;
 5521
 5522     s = cin_skipcomment(s);

Function cin_has_js_key(...) is called
with input string text="3".  At line 5517,
s is "3", so line 5518 increments s and
s then points to the end of string s="".
Since quote=0 (default value), line 5520
is executed and s then points 1 byte
beyond the end of string, and line 5522
then accesses memory beyond the end
of string.

Attached patch fixes it by initializing
quote variable default value to
-1 instead of 0.

Regards
Dominique
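The over-read described above, as an added example that is not Vim's code: a model of the scan in cin_has_js_key() with an explicit index and length, so the step past the NUL terminator is reported instead of performed. `js_key_scan`, `is_id_char` and the parameter `quote_init` are names chosen here; `is_id_char` stands in for vim_isIDc() and `skipwhite()` is modelled as skipping spaces and tabs.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

typedef unsigned char char_u;   /* Vim's char_u type */

/* Stand-in for vim_isIDc(): identifier characters (assumption for this model). */
static int is_id_char(int c)
{
    return c == '_' || isalnum(c);
}

/* Walk the input exactly as the excerpt does: optional opening quote, identifier,
 * optional closing quote. quote_init is the initial value of the `quote` variable
 * (0 before the patch, -1 after it). The index reached is stored in *out_idx when
 * it is non-NULL. Returns 1 if the following cin_skipcomment(s) call would read
 * past the terminating NUL, 0 otherwise. */
int js_key_scan(const char_u *text, int quote_init, size_t *out_idx)
{
    size_t len = strlen((const char *)text);   /* text[len] is the NUL terminator */
    size_t i = 0;
    int quote = quote_init;

    /* skipwhite(text) */
    while (text[i] == ' ' || text[i] == '\t')
        ++i;

    if (text[i] == '\'' || text[i] == '"')
        quote = text[i++];

    /* while (vim_isIDc(*s)) ++s;  -- stops at the NUL, because NUL is not an ID char */
    while (is_id_char(text[i]))
        ++i;

    /* if (*s == quote) ++s;  -- with quote == 0 the NUL itself matches and i steps
     * to len + 1; with quote == -1 a char_u (0..255) can never match, so this is
     * only taken after a real opening quote was seen. */
    if (text[i] == quote)
        ++i;

    if (out_idx != NULL)
        *out_idx = i;
    return i > len;   /* 1 means cin_skipcomment() would read text[len + 1] */
}
```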

-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

diff -r f5c7483cbbb4 src/misc1.c
--- a/src/misc1.c	Wed Jul 09 21:18:04 2014 +0200
+++ b/src/misc1.c	Wed Jul 09 22:37:34 2014 +0200
@@ -5503,7 +5503,7 @@
     char_u *text;
 {
     char_u *s = skipwhite(text);
-    int	    quote = 0;
+    int	    quote = -1;
 
     if (*s == '\'' || *s == '"')
     {
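Review bot: `int quote = -1;` deserves a one-line comment saying that -1 means "no opening quote seen", because the fix relies on a property that is easy to miss on a later read: `*s` is a char_u, so its promoted value is 0..255 and can never equal -1, which means `if (*s == quote)` is now only taken after an actual opening quote was matched, whereas with 0 it also matched the terminating NUL and stepped `s` one byte past the string, which is the invalid read valgrind reports at misc1.c:5522 and 5525. The trailing context shows the quote detection right below the initialisation, so the comment fits naturally on that line.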
