Dominique wrote:
> Valgrind or Asan detect access to invalid memory in
> Vim-7.4.823 (and older) when doing:
>
> $ vim -u NONE -c 'syn keyword x a['
>
> Bug was found with afl-fuzz + asan.
>
> Here is valgrind's report:
>
> ==8902== Memcheck, a memory error detector
> ==8902== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
> ==8902== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
> info
> ==8902== Command: ./vim -u NONE -c syn\ keyword\ x\ a[
> ==8902== Parent PID: 3196
> ==8902==
> ==8902== Invalid read of size 1
> ==8902== at 0x4C2E0E2: strlen (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==8902== by 0x5466EE: syn_cmd_keyword (syntax.c:4862)
> ==8902== by 0x541A56: ex_syntax (syntax.c:6291)
> ==8902== by 0x45B0D5: do_one_cmd (ex_docmd.c:2941)
> ==8902== by 0x4584C0: do_cmdline (ex_docmd.c:1133)
> ==8902== by 0x5803E9: exe_commands (main.c:2926)
> ==8902== by 0x57E2A7: main (main.c:961)
> ==8902== Address 0xcd33983 is 0 bytes after a block of size 3 alloc'd
> ==8902== at 0x4C2AB80: malloc (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==8902== by 0x4B3F47: lalloc (misc2.c:921)
> ==8902== by 0x5464BE: syn_cmd_keyword (syntax.c:4821)
> ==8902== by 0x541A56: ex_syntax (syntax.c:6291)
> ==8902== by 0x45B0D5: do_one_cmd (ex_docmd.c:2941)
> ==8902== by 0x4584C0: do_cmdline (ex_docmd.c:1133)
> ==8902== by 0x5803E9: exe_commands (main.c:2926)
> ==8902== by 0x57E2A7: main (main.c:961)
>
> Furthermore, if you put characters after the closing brackets as in:
>
> $ vim -u NONE -c 'syn keyword x ab[c]de fgh'
>
> .. then the "de" trailing characters are silently ignored.
> I think that Vim should report an error for trailing characters
> after closing bracket.
>
> Attached patch fixes the invalid memory access and
> adds an error for spurious characters after closing brackets.
Thanks!
--
ARTHUR: You fight with the strength of many men, Sir knight.
I am Arthur, King of the Britons. [pause]
I seek the finest and the bravest knights in the land to join me
in my Court of Camelot. [pause]
You have proved yourself worthy; will you join me? [pause]
You make me sad. So be it. Come, Patsy.
BLACK KNIGHT: None shall pass.
The Quest for the Holy Grail (Monty Python)
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
