Patch 8.0.0355
Problem: Using uninitialized memory when 'isfname' is empty.
Solution: Don't call getpwnam() without an argument. (Dominique Pelle,
closes #1464)
Files: src/misc1.c, src/testdir/test_options.vim
*** ../vim-8.0.0354/src/misc1.c 2017-02-17 16:31:16.925294107 +0100
--- src/misc1.c 2017-02-23 17:00:02.835293538 +0100
***************
*** 4028,4042 ****
*/
# if defined(HAVE_GETPWNAM) && defined(HAVE_PWD_H)
{
- struct passwd *pw;
-
/* Note: memory allocated by getpwnam() is never freed.
* Calling endpwent() apparently doesn't help. */
! pw = getpwnam((char *)dst + 1);
! if (pw != NULL)
! var = (char_u *)pw->pw_dir;
! else
! var = NULL;
}
if (var == NULL)
# endif
--- 4028,4039 ----
*/
# if defined(HAVE_GETPWNAM) && defined(HAVE_PWD_H)
{
/* Note: memory allocated by getpwnam() is never freed.
* Calling endpwent() apparently doesn't help. */
! struct passwd *pw = (*dst == NUL)
! ? NULL : getpwnam((char *)dst + 1);
!
! var = (pw == NULL) ? NULL : (char_u *)pw->pw_dir;
}
if (var == NULL)
# endif
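Review bot: The new `*dst == NUL` guard in front of `getpwnam((char *)dst + 1)` has no comment explaining why an empty `dst` must skip the lookup; the only comment nearby is about the allocation that is never freed. Going by the patch description, `dst + 1` was being read without ever having been written when 'isfname' is empty, but the code that fills `dst` lies outside this hunk, so that is inferred. I would add `/* dst[0] is NUL when no user name was copied; dst + 1 is then uninitialized. */` directly above the declaration. It is also worth noting in the comment that `var` keeps pointing at `pw->pw_dir`, which is storage owned by the C library's passwd lookup, after the block closes, so it has to be consumed before any further getpw*() call. The enclosing `# if` block and the `if (var == NULL)` body continue past the end of the hunk.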
***************
*** 9652,9658 ****
# endif
if (match_file_list(p_wig, (*files)[i], ffname))
{
! /* remove this matching files from the list */
vim_free((*files)[i]);
for (j = i; j + 1 < *num_files; ++j)
(*files)[j] = (*files)[j + 1];
--- 9649,9655 ----
# endif
if (match_file_list(p_wig, (*files)[i], ffname))
{
! /* remove this matching file from the list */
vim_free((*files)[i]);
for (j = i; j + 1 < *num_files; ++j)
(*files)[j] = (*files)[j + 1];
***************
*** 10736,10749 ****
static int has_special_wildchar(char_u *p);
/*
! * Return TRUE if "p" contains a special wildcard character.
! * Allowing for escaping.
*/
static int
has_special_wildchar(char_u *p)
{
for ( ; *p; mb_ptr_adv(p))
{
if (*p == '\\' && p[1] != NUL)
++p;
else if (vim_strchr((char_u *)SPECIAL_WILDCHAR, *p) != NULL)
--- 10733,10747 ----
static int has_special_wildchar(char_u *p);
/*
! * Return TRUE if "p" contains a special wildcard character, one that Vim
! * cannot expand, requires using a shell.
*/
static int
has_special_wildchar(char_u *p)
{
for ( ; *p; mb_ptr_adv(p))
{
+ /* Allow for escaping. */
if (*p == '\\' && p[1] != NUL)
++p;
else if (vim_strchr((char_u *)SPECIAL_WILDCHAR, *p) != NULL)
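Review bot: The rewritten header comment of has_special_wildchar() is a run-on ("one that Vim cannot expand, requires using a shell"), which blurs what a TRUE result means for the caller. I would word it as `* Return TRUE if "p" contains a special wildcard character that Vim cannot expand itself, so that expanding "p" requires a shell.` If this result is what decides whether a pattern is handed to an external shell, as the comment suggests, the contract should be stated exactly. The function body continues past the end of the hunk.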
*** ../vim-8.0.0354/src/testdir/test_options.vim 2017-02-19
21:07:01.002386675 +0100
--- src/testdir/test_options.vim 2017-02-23 17:00:02.835293538 +0100
***************
*** 22,27 ****
--- 22,34 ----
set whichwrap&
endfunction
+ function! Test_isfname()
+ " This used to cause Vim to access uninitialized memory.
+ set isfname=
+ call assert_equal("~X", expand("~X"))
+ set isfname&
+ endfunction
+
function Test_options()
let caught = 'ok'
try
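Review bot: The assertion in Test_isfname() checks only that `expand("~X")` returns its argument unchanged, which probably also holds without the fix, since an uninitialized read rarely changes the visible result. The regression is then only caught when the test suite runs under a memory checker, and the comment should say so, for example `" Only detectable with valgrind or ASan: this used to read uninitialized memory.` Wrapping the body in `try` / `finally` with `set isfname&` in the `finally` part would also keep an empty 'isfname' from leaking into later tests if `expand()` ever throws here.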
*** ../vim-8.0.0354/src/version.c 2017-02-23 15:19:59.409451193 +0100
--- src/version.c 2017-02-23 16:59:49.219379339 +0100
***************
*** 766,767 ****
--- 766,769 ----
{ /* Add new patch number below this line */
+ /**/
+ 355,
/**/
--
hundred-and-one symptoms of being an internet addict:
9. All your daydreaming is preoccupied with getting a faster connection to the
net: 28.8...ISDN...cable modem...T1...T3.
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--