Hi,

The following command accesses uninitialized memory with vim-7.4.2341 and older:
$ valgrind --track-origins=yes --num-callers=20 \
    vim -u NONE -e -s -c 'norm !ls' -cq 2> log

log file contains:

==12739== Memcheck, a memory error detector
==12739== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==12739== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==12739== Command: vim -u NONE -e -s -c norm\ !ls -cq
==12739==
==12739== Conditional jump or move depends on uninitialised value(s)
==12739==    at 0x67CF29: msg_puts_printf (message.c:2465)
==12739==    by 0x679394: msg_puts_attr_len (message.c:1908)
==12739==    by 0x6791EB: msg_outtrans_len_attr (message.c:1442)
==12739==    by 0x67921F: msg_outtrans_len (message.c:1336)
==12739==    by 0x4AEACA: draw_cmdline (ex_getln.c:2891)
==12739==    by 0x4AC83B: put_on_cmdline (ex_getln.c:3054)
==12739==    by 0x4AA89E: getcmdline (ex_getln.c:1840)
==12739==    by 0x4AF0BF: getexline (ex_getln.c:2291)
==12739==    by 0x488515: do_cmdline (ex_docmd.c:1006)
==12739==    by 0x53EAB3: nv_colon (normal.c:5323)
==12739==    by 0x53488A: normal_cmd (normal.c:1149)
==12739==    by 0x494ED6: exec_normal (ex_docmd.c:10250)
==12739==    by 0x494E0A: exec_normal_cmd (ex_docmd.c:10233)
==12739==    by 0x494CC9: ex_normal (ex_docmd.c:10142)
==12739==    by 0x48D1E7: do_one_cmd (ex_docmd.c:2962)
==12739==    by 0x4887FC: do_cmdline (ex_docmd.c:1110)
==12739==    by 0x4896B9: do_cmdline_cmd (ex_docmd.c:715)
==12739==    by 0x66D527: exe_commands (main.c:2896)
==12739==    by 0x66BFB0: vim_main2 (main.c:781)
==12739==    by 0x669891: main (main.c:415)
==12739==  Uninitialised value was created by a heap allocation
==12739==    at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
==12739==    by 0x51E900: lalloc (misc2.c:942)
==12739==    by 0x51E897: alloc (misc2.c:840)
==12739==    by 0x4AE82F: draw_cmdline (ex_getln.c:2824)
==12739==    by 0x4AC83B: put_on_cmdline (ex_getln.c:3054)
==12739==    by 0x4AA89E: getcmdline (ex_getln.c:1840)
==12739==    by 0x4AF0BF: getexline (ex_getln.c:2291)
==12739==    by 0x488515: do_cmdline (ex_docmd.c:1006)
==12739==    by 0x53EAB3: nv_colon (normal.c:5323)
==12739==    by 0x53488A: normal_cmd (normal.c:1149)
==12739==    by 0x494ED6: exec_normal (ex_docmd.c:10250)
==12739==    by 0x494E0A: exec_normal_cmd (ex_docmd.c:10233)
==12739==    by 0x494CC9: ex_normal (ex_docmd.c:10142)
==12739==    by 0x48D1E7: do_one_cmd (ex_docmd.c:2962)
==12739==    by 0x4887FC: do_cmdline (ex_docmd.c:1110)
==12739==    by 0x4896B9: do_cmdline_cmd (ex_docmd.c:715)
==12739==    by 0x66D527: exe_commands (main.c:2896)
==12739==    by 0x66BFB0: vim_main2 (main.c:781)
==12739==    by 0x669891: main (main.c:415)

Vim is drawing the command line, but I suppose that it should not try to draw it in silent mode (i.e. with the -e -s command line options).

The bug was found using afl-fuzz.

Regards
Dominique
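When triaging reports like the one above, the useful pairing is the frame that read the uninitialised value together with the first program frame that allocated it, which is what `--track-origins=yes` provides. The following shell helper is an added example, not part of the original post or of Vim; it parses the standard Memcheck text format and assumes only that format. The embedded log is constructed from the frames quoted above, abbreviated to a few lines.

```shell
#!/bin/sh
# Added example (not from the original post or from Vim): pair each
# "uninitialised value" error in a Memcheck log with the program frame that
# allocated the value. Assumes the standard Memcheck text output produced with
# --track-origins=yes; frame lines look like
#   ==PID==    at 0xADDR: function (file.c:LINE)
#   ==PID==    by 0xADDR: function (file.c:LINE)

# Constructed sample log: the same frames as in the report above, shortened.
SAMPLE_LOG='==12739== Conditional jump or move depends on uninitialised value(s)
==12739==    at 0x67CF29: msg_puts_printf (message.c:2465)
==12739==    by 0x679394: msg_puts_attr_len (message.c:1908)
==12739==  Uninitialised value was created by a heap allocation
==12739==    at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
==12739==    by 0x51E900: lalloc (misc2.c:942)
==12739==    by 0x51E897: alloc (misc2.c:840)
==12739==    by 0x4AE82F: draw_cmdline (ex_getln.c:2824)
==12739== '

# Print one "read-site -> origin-site" line per uninitialised-value error.
# The origin site is the first frame after Valgrind's own malloc wrapper
# (vg_replace_malloc.c), i.e. the first frame belonging to the program.
triage_uninit() {
    printf '%s\n' "$1" | awk '
        /depends on uninitialised value/      { state = "err";    next }
        /Uninitialised value was created/     { state = "origin"; next }
        state == "err" && /^==[0-9]+== +at / {
            err = $4 " " $5; state = "err_done"; next
        }
        state == "origin" && /^==[0-9]+== +(at|by) / && $5 !~ /vg_replace_malloc/ {
            print err " -> " $4 " " $5; state = ""; next
        }'
}

# Number of uninitialised-value errors in the log (0 if none), usable as a
# regression gate: fail the build when the count is non-zero.
uninit_error_count() {
    printf '%s\n' "$1" | grep -c 'depends on uninitialised value' || true
}

# Usage on a real log written by the command in the report: 
#   triage_uninit "$(cat log)"
#   [ "$(uninit_error_count "$(cat log)")" = 0 ] || echo "uninitialised reads present"
triage_uninit "$SAMPLE_LOG"
```

Run against a real log file, `triage_uninit` collapses a 40-frame pair of stacks into a single line naming the reader and the allocator, which is usually enough to see whether the same buffer is involved in several reports.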
