Hi
afl-fuzz found another crash in vim-7.4.1558:
$ vim -U NONE -N -c "call assert_fails('l', json_decode('{}'))"
Vim: Caught deadly signal SEGV
Vim: Finished.
Segmentation fault (core dumped)
Valgrind reports:
==4665== Memcheck, a memory error detector
==4665== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==4665== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==4665== Command: ./vim -u NONE -N -S c.vim -c qa!
==4665==
==4665== Invalid read of size 1
==4665== at 0x403381C: strstr (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==4665== by 0x8083E96: f_assert_fails (eval.c:9307)
==4665== by 0x80830C6: call_func (eval.c:8798)
==4665== by 0x8082B9A: get_func_tv (eval.c:8597)
==4665== by 0x807B6CB: ex_call (eval.c:3526)
==4665== by 0x80B78EB: do_one_cmd (ex_docmd.c:2921)
==4665== by 0x80B4BF7: do_cmdline (ex_docmd.c:1107)
==4665== by 0x80B2B42: do_source (ex_cmds2.c:3727)
==4665== by 0x80B223A: cmd_source (ex_cmds2.c:3340)
==4665== by 0x80B2198: ex_source (ex_cmds2.c:3315)
==4665== by 0x80B78EB: do_one_cmd (ex_docmd.c:2921)
==4665== by 0x80B4BF7: do_cmdline (ex_docmd.c:1107)
==4665== Address 0x0 is not stack'd, malloc'd or (recently) free'd
Code in eval.c:
9284 static void
9285 f_assert_fails(typval_T *argvars, typval_T *rettv UNUSED)
9286 {
...
9307 if (strstr((char *)vimvars[VV_ERRMSG].vv_str, error) == NULL)
When the crash happens, the variable error is NULL at eval.c:9307.
strstr(...) cannot be called with its 2nd argument being NULL.
Attached patch fixes the crash, but please check whether
it's the right way to fix it.
Regards
Dominique
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
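The failure mode described above, as an added example that is not Vim's code: a stripped-down model of the assert_fails() string check, showing why the posted guard makes a non-string second argument count as a passed assertion, next to a stricter variant that reports it. The names typval_T, tv_string_chk and assert_result are assumptions standing in for Vim's own types, not Vim identifiers.

```c
/* Added example (not Vim's code): models the check at eval.c:9307.
 * In Vim, get_tv_string_buf_chk() returns NULL when the argument is not
 * a string (here a Dict from json_decode('{}')); passing that NULL to
 * strstr() as the needle is the reported SEGV (Address 0x0). */
#include <stddef.h>
#include <string.h>

typedef enum { VAR_STRING, VAR_DICT } vartype_T;

/* Minimal stand-in for Vim's typval_T: a string or a dictionary. */
typedef struct {
    vartype_T v_type;
    const char *v_string;   /* valid only when v_type == VAR_STRING */
} typval_T;

/* Stand-in for get_tv_string_buf_chk(): NULL means "not a string". */
static const char *tv_string_chk(const typval_T *tv)
{
    return tv->v_type == VAR_STRING ? tv->v_string : NULL;
}

/* Outcome of one assert_fails() check. */
typedef enum { ASSERT_OK, ASSERT_FAILED, ASSERT_BAD_ARG } assert_result;

/* Logic of the posted diff: test error != NULL before strstr().
 * Unpatched, the strstr(errmsg, NULL) call would dereference address 0.
 * Consequence of the guard: a non-string argument skips the comparison
 * and the assertion counts as passed. */
static assert_result check_patched(const char *errmsg, const typval_T *expected)
{
    const char *error = tv_string_chk(expected);
    if (error != NULL && strstr(errmsg, error) == NULL)
        return ASSERT_FAILED;
    return ASSERT_OK;
}

/* Stricter alternative: a non-string argument is reported explicitly
 * instead of being folded into "assertion passed". */
static assert_result check_strict(const char *errmsg, const typval_T *expected)
{
    const char *error = tv_string_chk(expected);
    if (error == NULL)
        return ASSERT_BAD_ARG;
    return strstr(errmsg, error) == NULL ? ASSERT_FAILED : ASSERT_OK;
}
```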
diff --git a/src/eval.c b/src/eval.c
index e045a67..ae98c30 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -9304,7 +9304,8 @@ f_assert_fails(typval_T *argvars, typval_T *rettv UNUSED)
char_u buf[NUMBUFLEN];
char *error = (char *)get_tv_string_buf_chk(&argvars[1], buf);
- if (strstr((char *)vimvars[VV_ERRMSG].vv_str, error) == NULL)
+ if (error != NULL
+ && strstr((char *)vimvars[VV_ERRMSG].vv_str, error) == NULL)
{
prepare_assert_error(&ga);
fill_assert_error(&ga, &argvars[2], NULL, &argvars[1],
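Review bot: with the guard written as `error != NULL && strstr(...) == NULL`, a non-string second argument (the json_decode('{}') Dict from the report, for which get_tv_string_buf_chk() returns NULL) skips the comparison entirely and the assertion is treated as passed, so a type error in the argument becomes a silently successful assert_fails(). Consider handling `error == NULL` as its own case, for example returning early after get_tv_string_buf_chk() has reported the bad type, or recording an assert error via prepare_assert_error()/fill_assert_error() for that case too, rather than folding the NULL test into the match condition.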