Hi,

afl-fuzz found a case that causes Vim-7.4.1748 and older to crash (STRLEN called with NULL pointer):

$ vim -u NONE -c 'set notgst|ptag x'
Vim: Caught deadly signal SEGV
Vim: Finished.
Segmentation fault (core dumped)

Stack trace in gdb:

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106     ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x00000000004e9b80 in vim_strsave (string=0x0) at misc2.c:1252
#2  0x00000000005b8a9a in do_tag (tag=0x88d505 "x", type=1, count=1, forceit=0, verbose=1) at tag.c:508
#3  0x0000000000480ce7 in ex_tag_cmd (eap=0x7fffffffda80, name=0x600182 "tag") at ex_docmd.c:10263
#4  0x0000000000480aa6 in ex_ptag (eap=0x7fffffffda80) at ex_docmd.c:10166
#5  0x00000000004744c4 in do_one_cmd (cmdlinep=0x7fffffffdba0, sourcing=1, cstack=0x7fffffffdc90, fgetline=0x0, cookie=0x0) at ex_docmd.c:2921
#6  0x00000000004711b2 in do_cmdline (cmdline=0x7fffffffe6de "set notgst|ptag x", fgetline=0x0, cookie=0x0, flags=11) at ex_docmd.c:1107
#7  0x00000000004707ee in do_cmdline_cmd (cmd=0x7fffffffe6de "set notgst|ptag x") at ex_docmd.c:712
#8  0x00000000005f0d3a in exe_commands (parmp=0x7fffffffe1e0) at main.c:2933
#9  0x00000000005ee2a2 in main (argc=5, argv=0x7fffffffe428) at main.c:955

Regards
Dominique

--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
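The trace above shows the general shape of this bug class: a lookup that can legitimately come back empty (here, with 'tagstack' off) hands a NULL pointer to a copy helper that calls strlen() on it unconditionally. The following is an added illustration, not Vim's code and not part of the report: a constructed, simplified stand-in for an unchecked strsave-style helper next to a guarded variant, with a constructed caller (lookup_tag_name, copy_tag_for_preview) that models a lookup returning NULL and shows the check that keeps NULL from reaching strlen().

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for a copy helper that trusts its argument.
 * strlen(NULL) is undefined behaviour and segfaults in practice, which
 * is the failure mode in the report above. This is not Vim's vim_strsave. */
static char *unchecked_strsave(const char *s)
{
    size_t len = strlen(s) + 1;          /* crashes when s == NULL */
    char *copy = malloc(len);
    if (copy != NULL)
        memcpy(copy, s, len);
    return copy;
}

/* Guarded variant: a NULL input yields NULL instead of a crash, and the
 * caller decides how to treat the missing string. */
char *checked_strsave(const char *s)
{
    if (s == NULL)
        return NULL;
    return unchecked_strsave(s);
}

/* Constructed model of the caller side: a lookup that may find no tag
 * name (here modelled as "tag stack disabled") and therefore must not
 * forward NULL into an unguarded copy. */
static const char *lookup_tag_name(int tagstack_enabled, const char *tag)
{
    return tagstack_enabled ? tag : NULL;
}

/* Returns 1 when a copy was made (stored in *out, caller frees it),
 * 0 when the lookup produced nothing. Either way no NULL reaches strlen(). */
int copy_tag_for_preview(int tagstack_enabled, const char *tag, char **out)
{
    const char *name = lookup_tag_name(tagstack_enabled, tag);
    *out = checked_strsave(name);
    if (*out == NULL)
        return 0;   /* caller reports "no tag" rather than crashing */
    return 1;
}

int main(void)
{
    char *copy = NULL;
    printf("notagstack: %d\n", copy_tag_for_preview(0, "x", &copy));
    printf("tagstack:   %d (%s)\n", copy_tag_for_preview(1, "x", &copy), copy);
    free(copy);
    return 0;
}
```

The point of the guarded version is that the NULL case becomes an explicit return value the caller has to handle, so a fuzzer-found input like the one above produces an error message instead of a SEGV.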
