Dominique wrote:
> afl-fuzz found another crash in vim-7.4.1558:
>
> $ vim -U NONE -N -c "call assert_fails('l', json_decode('{}'))"
> Vim: Caught deadly signal SEGV
> Vim: Finished.
> Segmentation fault (core dumped)
>
> Valgrind reports:
>
> ==4665== Memcheck, a memory error detector
> ==4665== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==4665== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
> ==4665== Command: ./vim -u NONE -N -S c.vim -c qa!
> ==4665==
> ==4665== Invalid read of size 1
> ==4665== at 0x403381C: strstr (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==4665== by 0x8083E96: f_assert_fails (eval.c:9307)
> ==4665== by 0x80830C6: call_func (eval.c:8798)
> ==4665== by 0x8082B9A: get_func_tv (eval.c:8597)
> ==4665== by 0x807B6CB: ex_call (eval.c:3526)
> ==4665== by 0x80B78EB: do_one_cmd (ex_docmd.c:2921)
> ==4665== by 0x80B4BF7: do_cmdline (ex_docmd.c:1107)
> ==4665== by 0x80B2B42: do_source (ex_cmds2.c:3727)
> ==4665== by 0x80B223A: cmd_source (ex_cmds2.c:3340)
> ==4665== by 0x80B2198: ex_source (ex_cmds2.c:3315)
> ==4665== by 0x80B78EB: do_one_cmd (ex_docmd.c:2921)
> ==4665== by 0x80B4BF7: do_cmdline (ex_docmd.c:1107)
> ==4665== Address 0x0 is not stack'd, malloc'd or (recently) free'd
>
> Code in eval.c:
>
> 9284 static void
> 9285 f_assert_fails(typval_T *argvars, typval_T *rettv UNUSED)
> 9286 {
> ...
> 9307 if (strstr((char *)vimvars[VV_ERRMSG].vv_str, error) == NULL)
>
> When crash happens, variable error is NULL at eval.c:9307.
> strstr(...) cannot be called with its 2nd argument being NULL.
>
> Attached patch fixes the crash, but please check whether
> it's the right way to fix it.
Thanks. I'll add a test. We don't need the json_decode() for that.
--
I started out with nothing, and I still have most of it.
-- Michael Davis -- "Tonight Show"
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
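The crash reported above comes down to one fact: `strstr()` requires two valid C strings, and `f_assert_fails()` passed it a NULL second argument because `json_decode('{}')` yields a dict, not a string, so the string conversion of that argument returned NULL. The following C program is an added example, not Vim's code and not the patch attached to the thread; `fake_typval_t`, `typval_as_string()`, `errmsg_contains_guarded()` and the constructed error message are assumptions standing in for Vim's `typval_T`, `get_tv_string_chk()` and `v:errmsg`. It puts the unguarded check from the quoted `eval.c:9307` line next to a guarded form that rejects a non-string argument before `strstr()` ever sees the pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for Vim's typval_T: only the two kinds this example
 * needs (a string argument and a dict such as json_decode('{}') returns). */
typedef enum { VAR_STRING, VAR_DICT } var_kind_t;

typedef struct {
    var_kind_t kind;
    const char *str;   /* meaningful only when kind == VAR_STRING */
} fake_typval_t;

/* Models get_tv_string_chk(): a string value yields its text, any other
 * kind yields NULL. This NULL is what reached strstr() in the crash. */
const char *typval_as_string(const fake_typval_t *tv)
{
    return tv->kind == VAR_STRING ? tv->str : NULL;
}

/* Outcome of the substring check that assert_fails() performs. */
typedef enum {
    CHECK_MATCH = 0,        /* expected text found in the error message */
    CHECK_MISMATCH = 1,     /* error message does not contain the text */
    CHECK_BAD_ARGUMENT = 2  /* expected-text argument was not a string */
} check_result_t;

/* Unguarded form, shaped like the quoted eval.c:9307 line. With a NULL
 * 'error' this is undefined behaviour; on Linux it is the SEGV reported
 * by Valgrind as an invalid read at address 0x0 inside strstr(). */
int errmsg_contains_unguarded(const char *errmsg, const char *error)
{
    return strstr(errmsg, error) != NULL;
}

/* Guarded form (constructed illustration, not the thread's patch):
 * validate both pointers before strstr() and report a bad argument
 * instead of dereferencing NULL. */
check_result_t errmsg_contains_guarded(const char *errmsg, const char *error)
{
    if (errmsg == NULL || error == NULL)
        return CHECK_BAD_ARGUMENT;
    return strstr(errmsg, error) != NULL ? CHECK_MATCH : CHECK_MISMATCH;
}

/* The whole path as assert_fails() would take it: convert the second
 * argument to a string, then run the guarded check against the message. */
check_result_t assert_fails_check(const char *errmsg, const fake_typval_t *arg)
{
    return errmsg_contains_guarded(errmsg, typval_as_string(arg));
}

int main(void)
{
    /* Constructed error message; not an actual Vim error text. */
    const char *errmsg = "E000: constructed error message";
    fake_typval_t str_arg  = { VAR_STRING, "constructed" };
    fake_typval_t dict_arg = { VAR_DICT, NULL };

    printf("string argument -> %d (0 = match)\n",
           assert_fails_check(errmsg, &str_arg));
    printf("dict argument   -> %d (2 = bad argument)\n",
           assert_fails_check(errmsg, &dict_arg));
    /* errmsg_contains_unguarded(errmsg, NULL) is deliberately not called:
     * that is the crashing call from the report. */
    return 0;
}
```

The point of the guarded form is that the argument validation happens in the caller, where the conversion result is known, rather than relying on `strstr()` to cope with a pointer it is never specified to accept; a fuzzer finds the unguarded variant quickly because any non-string second argument takes the same path.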
You received this message from the "vim_dev" maillist.