Dominique wrote:

> ASan (address sanitizer) detects access to invalid memory
> with vim-7.4.683 when doing:
> 
> $ vim -u NONE \
>   -c 'set re=1' \
>   -c 'e crash.txt' \
>   -c 'call search(getline("."))'
> 
> Where crash.txt is the attached file containing invalid utf8 sequences.
> Here is the report from asan:
> 
> =================================================================
> ==5174== ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x606200019d00 at pc 0x6ed824 bp 0x7fff850bb440 sp 0x7fff850bb438
> READ of size 1 at 0x606200019d00 thread T0
>     #0 0x6ed823 in regmatch /home/pel/sb/vim/src/regexp.c:4785
>     #1 0x6ea35f in regtry /home/pel/sb/vim/src/regexp.c:4098

[...]

> Attached patch fixes the bug, but I'm not 100% sure that
> it's the correct way to deal with invalid utf8 regexp.

It should be correct, but strlen() can be slow on long strings.  We can
use utf_ptr2len().

> I found the bug using a fuzzer "american fuzzy lop"
> available at http://lcamtuf.coredump.cx/afl/

Let us know if you find more.

-- 
Men may not be seen publicly in any kind of strapless gown.
                [real standing law in Florida, United States of America]

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
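Added here as an illustration of the point above; this is not Dominique's patch and not Vim's code, and the names naive_utf8_len, safe_utf8_len and max_overrun are this example's own, not Vim identifiers. The naive length trusts the UTF-8 lead byte alone, so on text that ends in a truncated multi-byte sequence it claims bytes beyond the terminating NUL, which is the kind of over-read ASan reported. The safe length follows the contract of utf_ptr2len(): it only counts continuation bytes that are really present and returns 1 for an invalid sequence, so the NUL stops the scan and no strlen() over the whole string is needed at every step. The sample strings are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Example code, not Vim's: length promised by the lead byte alone.
 * 0xC2-0xDF -> 2, 0xE0-0xEF -> 3, 0xF0-0xF4 -> 4, anything else -> 1.
 * It never looks at the bytes that follow, so a truncated sequence at
 * the end of a buffer claims bytes that are not there. */
static size_t naive_utf8_len(const unsigned char *p)
{
    if (p[0] >= 0xC2 && p[0] <= 0xDF) return 2;
    if (p[0] >= 0xE0 && p[0] <= 0xEF) return 3;
    if (p[0] >= 0xF0 && p[0] <= 0xF4) return 4;
    return 1;
}

/* Modelled on the contract of Vim's utf_ptr2len() (assumption: this is a
 * re-implementation for the example, not Vim's function): count only
 * continuation bytes (10xxxxxx) that are actually present, and return 1
 * for a truncated or malformed sequence.  A NUL terminator is not a
 * continuation byte, so the scan can never run past the end of a
 * NUL-terminated string, and it touches at most 4 bytes. */
static size_t safe_utf8_len(const unsigned char *p)
{
    size_t want = naive_utf8_len(p);
    size_t i;
    for (i = 1; i < want; i++)
        if ((p[i] & 0xC0) != 0x80)   /* stops at NUL or any non-continuation */
            return 1;
    return want;
}

/* Walk s the way a matcher advances over characters and return the
 * largest number of bytes that any single step claims beyond the bytes
 * present before the NUL (0 means every step stayed inside the string).
 * This only computes the overrun; it never performs the bad read. */
static size_t max_overrun(const unsigned char *s,
                          size_t (*len)(const unsigned char *))
{
    size_t worst = 0;
    size_t avail = strlen((const char *)s);   /* bytes before the NUL */
    const unsigned char *p = s;

    while (*p) {
        size_t n = len(p);
        size_t step = (n > avail) ? avail : n;  /* never advance past NUL */
        if (n > avail && n - avail > worst)
            worst = n - avail;
        p += step;
        avail -= step;
    }
    return worst;
}

int main(void)
{
    /* Constructed inputs: a valid 3-byte sequence (U+20AC) followed by 'x',
     * and two strings ending in a truncated multi-byte sequence. */
    const unsigned char *valid     = (const unsigned char *)"\xE2\x82\xAC" "x";
    const unsigned char *trunc3    = (const unsigned char *)"\xE2\x82";
    const unsigned char *trunc4    = (const unsigned char *)"ab\xF0\x9F";

    printf("valid   naive=%zu safe=%zu\n",
           max_overrun(valid, naive_utf8_len), max_overrun(valid, safe_utf8_len));
    printf("trunc3  naive=%zu safe=%zu\n",
           max_overrun(trunc3, naive_utf8_len), max_overrun(trunc3, safe_utf8_len));
    printf("trunc4  naive=%zu safe=%zu\n",
           max_overrun(trunc4, naive_utf8_len), max_overrun(trunc4, safe_utf8_len));
    return 0;
}
```

A per-step strlen() would also bound the read, but it costs a pass over the rest of the string on every character the matcher examines; the utf_ptr2len()-style check reads at most the few bytes of one sequence and stops at the NUL, which is why it is the better fix for long lines.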

-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.