> Dominique Pellé wrote:
> >
> > Hi
> >
> > vim-7.4.1967 (and earlier) accesses invalid memory
> > when running this command:
> >
> > $ valgrind --num-callers=20 vim -u NONE -c 'ec "\<C-">' -c q 2> log
> >
> > log file then contains:
> >
> > ==5725== Memcheck, a memory error detector
> > ==5725== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
> > ==5725== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
> > ==5725== Command: vim -u NONE -c ec\ "\\\<C-"\> -c q
> > ==5725==
> > ==5725== Invalid read of size 1
> > ==5725==    at 0x414598: skipwhite (charset.c:1522)
> > ==5725==    by 0x4346EE: eval7 (eval.c:5346)
> > ==5725==    by 0x433EC2: eval6 (eval.c:4964)
> > ==5725==    by 0x4339A4: eval5 (eval.c:4780)
> > ==5725==    by 0x432C67: eval4 (eval.c:4479)
> > ==5725==    by 0x432AA4: eval3 (eval.c:4396)
> > ==5725==    by 0x43291C: eval2 (eval.c:4328)
> > ==5725==    by 0x432753: eval1 (eval.c:4256)
> > ==5725==    by 0x453969: ex_echo (eval.c:23765)
> > ==5725==    by 0x475BE4: do_one_cmd (ex_docmd.c:2923)
> > ==5725==    by 0x4728D2: do_cmdline (ex_docmd.c:1108)
> > ==5725==    by 0x471F0E: do_cmdline_cmd (ex_docmd.c:713)
> > ==5725==    by 0x5F67E3: exe_commands (main.c:2944)
> > ==5725==    by 0x5F3D4B: main (main.c:959)
> > ==5725==  Address 0x769ec8b is 0 bytes after a block of size 11 alloc'd
> > ==5725==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> > ==5725==    by 0x4ECEBF: lalloc (misc2.c:920)
> > ==5725==    by 0x4ECD8C: alloc (misc2.c:818)
> > ==5725==    by 0x4ED319: vim_strsave (misc2.c:1253)
> > ==5725==    by 0x4726FC: do_cmdline (ex_docmd.c:1038)
> > ==5725==    by 0x471F0E: do_cmdline_cmd (ex_docmd.c:713)
> > ==5725==    by 0x5F67E3: exe_commands (main.c:2944)
> > ==5725==    by 0x5F3D4B: main (main.c:959)
> > (more errors after that...)
> >
> > Bug was found using afl-fuzz.
> >
> > I'm not sure whether \<C-"> in a string is valid syntax, but
> > it should not cause invalid memory access.
> > I'll try to debug it during next weekend but
> > maybe someone else can fix it earlier.
>
> Attached is a patch that fixes the bug.
> All tests pass, but I'm not sure that the fix is correct.
> As far as I can tell special keys like <c-"> should not be allowed.
> Please check.
Thanks. We have been permissive with these special characters; changing that now might break some scripts. So let's just fix the problem. I'll also add a test.

-- 
hundred-and-one symptoms of being an internet addict:
168. You have your own domain name.

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
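The valgrind report above is consistent with a parser that steps one past the NUL terminator: the command text ec "\<C-"> is 10 bytes plus NUL, which is the 11-byte block vim_strsave allocated, and the faulting address is "0 bytes after" it. The toy model below, added here as an illustration and not Vim's code nor the patch attached in the thread, shows how that happens when the \<...> key-notation scanner inside a double-quoted string literal is allowed to treat the closing " as the key character and run past the quote, so the second decoding pass ends on the NUL and the caller is handed an index just beyond it (in the trace, the pointer that skipwhite() then reads). The hardened variant is this example's own choice: it refuses a bare " as the key only while inside a string (an escaped quote, <M-\">, is still accepted) and never returns an end index unless the closing quote was actually reached. Function names, the 'K' placeholder byte that stands in for the key code, and the inputs are all constructed for the example; indices are used instead of pointers so the permissive variant can report the bad position without dereferencing it.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Scan key notation starting at s[i] == '<'. Returns the index just past the
 * closing '>' when a name like <C-a> is recognised, otherwise returns i.
 * With in_string set, a bare '"' is refused as the key character because it is
 * the string delimiter, so "\<C-">" cannot swallow the closing quote; an escaped
 * quote, <M-\">, is still accepted (this example's convention, not Vim's). */
static size_t scan_special_key(const char *s, size_t i, int in_string)
{
    size_t bp = i + 1;

    while (s[bp] == '-' || s[bp] == '_' || isalnum((unsigned char)s[bp])) {
        if (s[bp] == '-' && s[bp + 1] != '\0') {
            /* after a modifier dash any single character may be the key */
            if (!(in_string && s[bp + 1] == '"') && s[bp + 2] == '>')
                bp += 1;
            else if (in_string && s[bp + 1] == '\\' && s[bp + 2] == '"'
                     && s[bp + 3] == '>')
                bp += 2;
        }
        bp++;
    }
    if (s[bp] == '>' && bp > i + 1)
        return bp + 1;
    return i;
}

/* Parse the literal starting at cmd[start] == '"' into out. Returns the index
 * of the first character after the closing quote, or (size_t)-1 when the quote
 * is missing. hardened == 0 reproduces the permissive behaviour in the report;
 * hardened == 1 tells the key scanner it is inside a string and refuses to
 * return an index past the terminator. */
static size_t parse_string_literal(const char *cmd, size_t start,
                                   char *out, size_t cap, int hardened)
{
    size_t p, n = 0;

    out[0] = '\0';
    /* First pass: locate the closing quote, honouring backslash escapes. */
    for (p = start + 1; cmd[p] != '\0' && cmd[p] != '"'; p++)
        if (cmd[p] == '\\' && cmd[p + 1] != '\0')
            p++;
    if (cmd[p] != '"')
        return (size_t)-1;                      /* missing quote */

    /* Second pass: decode escapes. Unless told it is inside a string, the key
     * scanner may run past the quote the first pass found. */
    for (p = start + 1; cmd[p] != '\0' && cmd[p] != '"'; p++) {
        if (cmd[p] == '\\' && cmd[p + 1] != '\0') {
            p++;
            if (cmd[p] == '<') {
                size_t q = scan_special_key(cmd, p, hardened);
                if (q != p) {
                    if (n + 1 < cap) out[n++] = 'K';  /* stands in for the key code */
                    p = q - 1;                        /* loop's p++ lands after '>' */
                    continue;
                }
            }
            /* unknown escape: keep the character literally */
        }
        if (n + 1 < cap) out[n++] = cmd[p];
    }
    out[n] = '\0';

    if (hardened && cmd[p] != '"')
        return (size_t)-1;        /* never hand the caller an index past NUL */
    return p + 1;                 /* permissive: past the terminator if cmd[p] is NUL */
}

/* Locate the string argument of an ":ec" command and parse it. */
static size_t parse_echo_arg(const char *cmd, int hardened, char *out, size_t cap)
{
    const char *q = strchr(cmd, '"');
    if (q == NULL)
        return (size_t)-1;
    return parse_string_literal(cmd, (size_t)(q - cmd), out, cap, hardened);
}

/* Single-result helpers (static buffer, not thread-safe). */
static size_t echo_arg_end(const char *cmd, int hardened)
{
    static char buf[64];
    return parse_echo_arg(cmd, hardened, buf, sizeof buf);
}

static const char *echo_arg_value(const char *cmd, int hardened)
{
    static char buf[64];
    parse_echo_arg(cmd, hardened, buf, sizeof buf);
    return buf;
}

int main(void)
{
    const char *cmd = "ec \"\\<C-\">";       /* the fuzzer's input, constructed here */
    size_t end = echo_arg_end(cmd, 0);

    printf("permissive: end index %zu, strlen %zu%s\n", end, strlen(cmd),
           end > strlen(cmd) ? " -> caller would read past the terminator" : "");
    end = echo_arg_end(cmd, 1);
    printf("hardened:   value \"%s\", end index %zu, trailing text \"%s\"\n",
           echo_arg_value(cmd, 1), end, cmd + end);
    return 0;
}
```

In the permissive mode the example returns end index 11 for a 10-byte command, the same "one past the block" position as the report; in the hardened mode the string decodes to <C- and the stray > is left as trailing text for the caller to reject, while a well-formed \<C-a> is still accepted either way. Note that the in-string check alone is a parsing rule, not a memory-safety guarantee: the second guard, refusing to return an index unless the closing quote was reached, is what keeps any future permissive escape from reintroducing the read.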
