Hi
Vim-7.4.909 (and earlier) leaks memory when
encountering syntax error E475 or E488:
==18952== 2 bytes in 1 blocks are definitely lost in loss record 1 of 125
==18952== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18952== by 0x4E27BF: lalloc (misc2.c:921)
==18952== by 0x4E26CD: alloc (misc2.c:820)
==18952== by 0x4E2C13: vim_strnsave (misc2.c:1265)
==18952== by 0x47D42B: ex_match (ex_docmd.c:12115)
==18952== by 0x46E052: do_one_cmd (ex_docmd.c:2961)
==18952== by 0x46AD47: do_cmdline (ex_docmd.c:1133)
==18952== by 0x46A383: do_cmdline_cmd (ex_docmd.c:738)
==18952== by 0x5DD756: exe_commands (main.c:2926)
==18952== by 0x5DAD38: main (main.c:961)
The leak with error E475 can be reproduced with:
$ vim -u NONE -c 'match x'
The leak with error E488 can be reproduced with:
$ vim -u NONE -c 'match x "x" contains'
The attached patch fixes it.
Bug was discovered with afl-fuzz + valgrind.
Regards
Dominique
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
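As an added illustration of the bug class this report describes (it is not code from the report or from Vim): a miniature :match-style argument parser with the same allocate-then-return-early shape as ex_match(), wrapped in counted allocation so that an ordinary unit test catches the leak that valgrind reported, without needing afl-fuzz or valgrind at all. The function names (counted_strnsave, counted_free, parse_match, match_leaks, match_rc), the enum values and the simplified delimiter handling are assumptions made for the demo; the two failing inputs are the ones from the report.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not Vim's code: counts live heap blocks so a plain
 * test can detect an early-return leak instead of relying on valgrind. */
static int live_allocs;           /* blocks allocated but not yet freed */

/* Stand-in for vim_strnsave(): copy len bytes into a fresh NUL-terminated buffer. */
static char *counted_strnsave(const char *s, size_t len)
{
    char *p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memcpy(p, s, len);
    p[len] = '\0';
    live_allocs++;
    return p;
}

/* Stand-in for vim_free(): NULL-safe and keeps the counter honest. */
static void counted_free(void *p)
{
    if (p != NULL) {
        free(p);
        live_allocs--;
    }
}

static const char *skipwhite(const char *p)
{
    while (*p == ' ' || *p == '\t')
        p++;
    return p;
}

/* Return codes named after the two Vim error numbers in the report. */
enum { MATCH_OK = 0, MATCH_E475 = 475, MATCH_E488 = 488 };

/* Parse "group /pattern/". With fix == 0 every error path returns without
 * freeing g (the defect the patch fixes); with fix == 1 each exit path
 * releases g first. Delimiter handling is simplified for the demo. */
static int parse_match(const char *arg, int fix)
{
    const char *p = arg;
    while (*p != '\0' && !isspace((unsigned char)*p))
        p++;
    char *g = counted_strnsave(arg, (size_t)(p - arg));   /* group name */
    if (g == NULL)
        return MATCH_E475;

    p = skipwhite(p);
    if (*p == '\0') {                    /* E475: there must be two arguments */
        if (fix) counted_free(g);
        return MATCH_E475;
    }
    const char *end = strchr(p + 1, *p); /* closing pattern delimiter */
    if (end == NULL) {                   /* E475: unterminated pattern */
        if (fix) counted_free(g);
        return MATCH_E475;
    }
    if (*skipwhite(end + 1) != '\0') {   /* E488: trailing characters */
        if (fix) counted_free(g);
        return MATCH_E488;
    }
    counted_free(g);                     /* success path releases g too */
    return MATCH_OK;
}

/* Error code for one command (counter reset so runs are independent). */
int match_rc(const char *arg, int fix)
{
    live_allocs = 0;
    return parse_match(arg, fix);
}

/* Number of blocks one command leaves allocated: 0 means no leak. */
int match_leaks(const char *arg, int fix)
{
    live_allocs = 0;
    (void)parse_match(arg, fix);
    return live_allocs;
}

int main(void)
{
    const char *inputs[] = { "x", "x \"x\" contains", "x \"x", "x \"x\"" };
    for (int fix = 0; fix <= 1; fix++)
        for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
            printf("%s '%s' -> rc=%d, leaked blocks=%d\n",
                   fix ? "fixed" : "buggy", inputs[i],
                   match_rc(inputs[i], fix), match_leaks(inputs[i], fix));
    return 0;
}
```

The counter turns the report's valgrind finding into a regression test: any future early return added between the allocation and the point where the group name is consumed will show up as a non-zero leaked-block count for the input that reaches it.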
diff --git a/src/ex_docmd.c b/src/ex_docmd.c
index 23514fb..31b51e9 100644
--- a/src/ex_docmd.c
+++ b/src/ex_docmd.c
@@ -12117,6 +12117,7 @@ ex_match(eap)
if (*p == NUL)
{
/* There must be two arguments. */
+ vim_free(g);
EMSG2(_(e_invarg2), eap->arg);
return;
}
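Review bot: the vim_free(g) placed before the E475 return is the right release point for the buffer vim_strnsave() allocates at ex_docmd.c:12115 in the valgrind trace, but it is the first of three identical frees this patch has to add to ex_match(), one per early return; a single cleanup label (or an else branch that frees g once) would be harder to miss the next time an error return is added to this function. The loss is one short string per failing :match, which matches the 2-byte loss record in the report and makes this a robustness fix surfaced by fuzzing rather than a memory-safety issue.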
@@ -12125,11 +12126,13 @@ ex_match(eap)
{
if (*end != NUL && !ends_excmd(*skipwhite(end + 1)))
{
+ vim_free(g);
eap->errmsg = e_trailing;
return;
}
if (*end != *p)
{
+ vim_free(g);
EMSG2(_(e_invarg2), p);
return;
}
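Review bot: with the two frees added here (before the e_trailing return and before the second E475 return) the same cleanup now appears three times in one function, and any remaining return between the allocation and the point where g is consumed would have to repeat it; consolidating the error exits so g is freed in one place would close the whole class rather than the three instances found. The two reproducers in the report, `vim -u NONE -c 'match x'` and `vim -u NONE -c 'match x "x" contains'`, map onto the E475 and E488 paths touched by this patch, so re-running both under valgrind is the direct check that the patch is complete.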