Dominique wrote:
> test3 gives these valgrind errors:
>
> ==14603== Memcheck, a memory error detector
> ==14603== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
> ==14603== Using Valgrind-3.9.0.SVN and LibVEX; rerun with -h for copyright
> info
> ==14603== Command: ../vim -u unix.vim -U NONE --noplugin -s dotest.in test3.in
> ==14603==
> ==14603== Invalid read of size 1
> ==14603== at 0x516CA0: cin_skipcomment (misc1.c:5428)
> ==14603== by 0x518846: cin_has_js_key (misc1.c:5522)
> ==14603== by 0x5146EC: get_c_indent (misc1.c:7588)
> ==14603== by 0x54AEE8: op_reindent (ops.c:704)
> ==14603== by 0x539DD7: do_pending_operator (normal.c:1993)
> ==14603== by 0x537709: normal_cmd (normal.c:1189)
> ==14603== by 0x673358: main_loop (main.c:1326)
> ==14603== by 0x66F50F: main (main.c:1026)
> ==14603== Address 0xe89ba22 is 0 bytes after a block of size 2 alloc'd
> ==14603== at 0x4C2A45D: malloc (vg_replace_malloc.c:291)
> ==14603== by 0x51F000: lalloc (misc2.c:921)
> ==14603== by 0x51EF97: alloc (misc2.c:820)
> ==14603== by 0x51F6C7: vim_strsave (misc2.c:1245)
> ==14603== by 0x513058: get_c_indent (misc1.c:7047)
> ==14603== by 0x54AEE8: op_reindent (ops.c:704)
> ==14603== by 0x539DD7: do_pending_operator (normal.c:1993)
> ==14603== by 0x537709: normal_cmd (normal.c:1189)
> ==14603== by 0x673358: main_loop (main.c:1326)
> ==14603== by 0x66F50F: main (main.c:1026)
> ==14603==
> ==14603== Invalid read of size 1
> ==14603== at 0x518851: cin_has_js_key (misc1.c:5525)
> ==14603== by 0x5146EC: get_c_indent (misc1.c:7588)
> ==14603== by 0x54AEE8: op_reindent (ops.c:704)
> ==14603== by 0x539DD7: do_pending_operator (normal.c:1993)
> ==14603== by 0x537709: normal_cmd (normal.c:1189)
> ==14603== by 0x673358: main_loop (main.c:1326)
> ==14603== by 0x66F50F: main (main.c:1026)
> ==14603== Address 0xe89ba22 is 0 bytes after a block of size 2 alloc'd
> ==14603== at 0x4C2A45D: malloc (vg_replace_malloc.c:291)
> ==14603== by 0x51F000: lalloc (misc2.c:921)
> ==14603== by 0x51EF97: alloc (misc2.c:820)
> ==14603== by 0x51F6C7: vim_strsave (misc2.c:1245)
> ==14603== by 0x513058: get_c_indent (misc1.c:7047)
> ==14603== by 0x54AEE8: op_reindent (ops.c:704)
> ==14603== by 0x539DD7: do_pending_operator (normal.c:1993)
> ==14603== by 0x537709: normal_cmd (normal.c:1189)
> ==14603== by 0x673358: main_loop (main.c:1326)
> ==14603== by 0x66F50F: main (main.c:1026)
>
> misc1.c:
>
> 5501 static int
> 5502 cin_has_js_key(text)
> 5503 char_u *text;
> 5504 {
> ....
> 5517 while (vim_isIDc(*s))
> 5518 ++s;
> 5519 if (*s == quote)
> 5520 ++s;
> 5521
> 5522 s = cin_skipcomment(s);
>
> Function cin_has_js_key(...) is called
> with input string text="3". At line 5517,
> s is "3", so line 5518 increments s and
> s then points to the end of string s="".
> Since quote=0 (default value), line 5520
> is executed and s then points 1 byte
> beyond the end of string, and line 5522
> then accesses memory beyond the end
> of string.
>
> Attached patch fixes it by initializing
> quote variable default value to
> -1 instead of 0.
Thanks!
--
BEDEVERE: Oooooh!
LAUNCELOT: No "Aaaaarrrrrrggghhh ... " at the back of the throat.
BEDEVERE: No! "Oooooh!" in surprise and alarm!
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
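
The sentinel collision described in the quoted analysis, as an added example that is not part of the original message and is not Vim's code. `scan_key_end`, `is_id_char`, the opening-quote handling and the sample strings are assumptions made for illustration; the function returns the index the scan stops on, so nothing is read out of bounds.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for an identifier-character test (assumption: ASCII alnum or '_'). */
static int is_id_char(int c)
{
    return isalnum(c) || c == '_';
}

/*
 * Simplified model of the scan in the quoted lines 5517-5520.
 * no_quote is the value meaning "no opening quote seen":
 * 0 before the fix, -1 after it.
 * Returns the index the scan ends on. A result greater than strlen(text)
 * means the next read would be past the terminating NUL.
 */
static size_t scan_key_end(const char *text, int no_quote)
{
    const unsigned char *s = (const unsigned char *)text;
    size_t i = 0;
    int quote = no_quote;

    if (s[i] == '\'' || s[i] == '"')
        quote = s[i++];          /* remember which quote opened the key */
    while (is_id_char(s[i]))
        ++i;
    if (s[i] == quote)           /* with no_quote == 0 this matches the NUL */
        ++i;
    return i;
}

int main(void)
{
    /* Constructed inputs: the failing case from the report plus two controls. */
    const char *samples[] = { "3", "\"key\": 1", "key: 1" };
    for (size_t n = 0; n < sizeof samples / sizeof samples[0]; n++) {
        size_t len = strlen(samples[n]);
        printf("%-10s len=%zu  sentinel 0 -> %zu  sentinel -1 -> %zu\n",
               samples[n], len,
               scan_key_end(samples[n], 0), scan_key_end(samples[n], -1));
    }
    return 0;
}
```

Because the bytes are compared as `unsigned char` values (0 to 255), a sentinel of -1 can never equal any byte of the string, the terminator included.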