Dominique Pellé wrote:

> Vim-7.4.824 (and older) accesses uninitialized memory which can
> sometimes cause a crash when calling vim_free(...) with an invalid
> pointer in clear_tv(). Bug can be reproduced with:
> 
> $ valgrind --track-origins=yes vim -u NONE -S bug-tv.vim -c q
> 
> ... where bug-tv.vim is the attached file.
> 
> Bug was found with afl-fuzz. Attached patch fixes it.
> 
> Valgrind reports:
> 
> ==3711== Memcheck, a memory error detector
> ==3711== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
> ==3711== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
> ==3711== Command: /home/pel/sb/vim/src/vim -u NONE -S bug-tv.vim -c q
> ==3711== Parent PID: 2711
> ==3711==
> ==3711== Conditional jump or move depends on uninitialised value(s)
> ==3711==    at 0x44294D: clear_tv (eval.c:21076)
> ==3711==    by 0x453B5A: eval_index (eval.c:5435)
> ==3711==    by 0x446FF8: handle_subscript (eval.c:20987)

[...]

Thanks!

-- 
MESKIMEN'S LAW
    There's never time to do it right, but always time to do it over.

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
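The report above describes a class of bug rather than a single line: a typval_T is handed to clear_tv() without ever having its type tag written, so clear_tv() reads uninitialized memory and, if the stale bytes happen to look like a string value, passes garbage to vim_free(). The following is an added illustration written for this page, not Vim's code and not Dominique's patch (which is not on the page): typval_T, clear_tv() and the two index_string_* routines are a deliberately small model of the pattern, poison() stands in for whatever an earlier stack frame left behind, and the "fix" shown is the generic remedy of putting the return value into a valid state before any early return. Build with `cc -Wall -g` and run under Valgrind or MemorySanitizer to see the buggy path flagged the same way as in the report.

```c
/* Added model of the uninitialized-typval bug class; not Vim's code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum { VAR_UNKNOWN = 0, VAR_NUMBER, VAR_STRING } vartype_T;

typedef struct {
    vartype_T v_type;
    union {
        long  v_number;
        char *v_string;
    } vval;
} typval_T;

/* Modelled on the clear_tv() pattern: release whatever the type tag says
 * is owned, then reset. If the caller never wrote v_type, the comparison
 * reads uninitialized memory (what Valgrind flags) and a stale VAR_STRING
 * tag sends an arbitrary pointer to free(). */
static void clear_tv(typval_T *tv)
{
    if (tv->v_type == VAR_STRING)
        free(tv->vval.v_string);
    tv->v_type = VAR_UNKNOWN;
    tv->vval.v_number = 0;
}

/* Hypothetical indexing routine (stand-in for an eval_index()-like path):
 * returns character idx of s as a new VAR_STRING in *rettv. */
static int index_string_buggy(const char *s, long idx, typval_T *rettv)
{
    if (idx < 0 || (size_t)idx >= strlen(s))
        return 0;                 /* BUG: error return leaves *rettv untouched */
    char *p = malloc(2);
    if (p == NULL)
        return 0;                 /* same problem on allocation failure */
    p[0] = s[idx];
    p[1] = '\0';
    rettv->v_type = VAR_STRING;
    rettv->vval.v_string = p;
    return 1;
}

/* Same routine with the generic fix: *rettv is valid before any return. */
static int index_string_fixed(const char *s, long idx, typval_T *rettv)
{
    rettv->v_type = VAR_UNKNOWN;  /* FIX: clear_tv() is now always safe */
    rettv->vval.v_number = 0;
    if (idx < 0 || (size_t)idx >= strlen(s))
        return 0;
    char *p = malloc(2);
    if (p == NULL)
        return 0;
    p[0] = s[idx];
    p[1] = '\0';
    rettv->v_type = VAR_STRING;
    rettv->vval.v_string = p;
    return 1;
}

/* Simulates stack garbage left by an earlier, already-released string
 * value: a plausible content for an uninitialized typval_T. Written
 * explicitly here so the demo itself has no undefined behaviour. */
static void poison(typval_T *tv)
{
    tv->v_type = VAR_STRING;
    tv->vval.v_string = (char *)0x1;  /* not a heap pointer */
}

/* Returns 1 if, after a failed index, clear_tv() would hand the stale
 * pointer to free(): the crash the report describes. */
static int buggy_path_would_free_garbage(void)
{
    typval_T tv;
    poison(&tv);
    (void)index_string_buggy("abc", 10, &tv);   /* out of range: fails */
    return tv.v_type == VAR_STRING;              /* stale tag survives */
}

/* Returns 1 if the fixed path leaves a value clear_tv() can release. */
static int fixed_path_is_safe(void)
{
    typval_T tv;
    poison(&tv);
    (void)index_string_fixed("abc", 10, &tv);
    int safe = (tv.v_type == VAR_UNKNOWN);
    clear_tv(&tv);                               /* no free() call made */
    return safe;
}

/* Successful index through the fixed path; returns the character found. */
static int fixed_path_success_char(void)
{
    typval_T tv;
    poison(&tv);
    if (!index_string_fixed("abc", 1, &tv))
        return -1;
    int c = tv.vval.v_string[0];
    clear_tv(&tv);                               /* frees the real buffer */
    return c;
}

int main(void)
{
    printf("buggy path leaves stale VAR_STRING tag: %d\n",
           buggy_path_would_free_garbage());
    printf("fixed path safe to clear: %d\n", fixed_path_is_safe());
    return 0;
}
```

The model only has three value types; the real clear_tv() dispatches on many more, which is why a stray tag there can reach a free of list, dict or function data as well as a string. A fuzzer such as afl-fuzz finds this class quickly because any script that takes an error path through the indexing code is a candidate, and the symptom is nondeterministic in a plain build, so reproduce under Valgrind with --track-origins=yes as the report does.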

-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
