Dominique wrote:
> Afl-fuzz found this case that causes invalid memory access
> with vim-8.0.566 and older:
>
> $ valgrind vim -u NONE -c'set spell|call setline(1, "\xff")|norm z=' 2>vg.log
>
> ==4997== Memcheck, a memory error detector
> ==4997== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==4997== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright
> info
> ==4997== Command: vim -u NONE -cset\ spell|call\ setline(1,\ "\\xff")|norm\ z=
> ==4997==
> ==4997== Invalid read of size 1
> ==4997== at 0x4C2E010: __strncpy_sse2_unaligned (vg_replace_strmem.c:548)
> ==4997== by 0x4C786E: strncpy (string3.h:120)
> ==4997== by 0x4C786E: vim_strncpy (misc2.c:1716)
> ==4997== by 0x5730C0: check_suggestions (spell.c:6871)
> ==4997== by 0x56EAFB: spell_suggest_intern (spell.c:4075)
> ==4997== by 0x56EAFB: spell_find_suggest (spell.c:3881)
> ==4997== by 0x56D8C2: spell_suggest (spell.c:3417)
> ==4997== by 0x4E0C63: nv_zet (normal.c:5210)
> ==4997== by 0x4D6B66: normal_cmd (normal.c:1150)
> ==4997== by 0x4622C1: exec_normal (ex_docmd.c:10475)
> ==4997== by 0x4621AD: exec_normal_cmd (ex_docmd.c:10458)
> ==4997== by 0x4621AD: ex_normal (ex_docmd.c:10367)
> ==4997== by 0x45D154: do_one_cmd (ex_docmd.c:3021)
> ==4997== by 0x45944D: do_cmdline (ex_docmd.c:1160)
> ==4997== by 0x5D347C: exe_commands (main.c:2923)
> ==4997== by 0x5D347C: vim_main2 (main.c:790)
> ==4997== Address 0x7820ef2 is 0 bytes after a block of size 2 alloc'd
> ==4997== at 0x4C2ABF5: malloc (vg_replace_malloc.c:299)
> ==4997== by 0x4C6A27: lalloc (misc2.c:942)
> ==4997== by 0x4C6CDE: alloc (misc2.c:840)
> ==4997== by 0x4C6CDE: vim_strsave (misc2.c:1285)
> ==4997== by 0x56D877: spell_suggest (spell.c:3407)
> ==4997== by 0x4E0C63: nv_zet (normal.c:5210)
> ==4997== by 0x4D6B66: normal_cmd (normal.c:1150)
> ==4997== by 0x4622C1: exec_normal (ex_docmd.c:10475)
> ==4997== by 0x4621AD: exec_normal_cmd (ex_docmd.c:10458)
> ==4997== by 0x4621AD: ex_normal (ex_docmd.c:10367)
> ==4997== by 0x45D154: do_one_cmd (ex_docmd.c:3021)
> ==4997== by 0x45944D: do_cmdline (ex_docmd.c:1160)
> ==4997== by 0x5D347C: exe_commands (main.c:2923)
> ==4997== by 0x5D347C: vim_main2 (main.c:790)
> ==4997== by 0x5D1D99: main (main.c:419)
Thanks!
--
A mathematician is a device for turning coffee into theorems.
Paul Erdos
A computer programmer is a device for turning coffee into bugs.
Bram Moolenaar
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
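The copy that the trace above points at (strncpy in check_suggestions reading one byte past a 2-byte block saved by vim_strsave), shown as an added C illustration that is not Vim's own code: copy_tail_unchecked models an append from bad + orglen where orglen is assumed to exceed the bytes actually present in the word, and copy_tail_checked clamps the offset before copying. The function names, the MAXWLEN value and the explanation of the cause are assumptions drawn from reading the trace, not statements from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXWLEN 250   /* name borrowed from Vim's spell code; the value is assumed here */

/* Assumed shape of the failing copy: the rest of the misspelled word, starting
 * at bad + orglen, is appended after a suggestion.  If orglen (a byte count
 * derived from the character that was looked up) is larger than the bytes
 * really stored in the allocation, the source pointer already sits past the
 * NUL and strncpy reads outside the block, which is what Valgrind reported. */
void copy_tail_unchecked(char *dst, const char *bad, size_t orglen, size_t n)
{
    strncpy(dst, bad + orglen, n);   /* out-of-bounds read when orglen > strlen(bad) */
}

/* Hardened form: never start past the terminating NUL and never write past
 * dst.  Returns the number of tail bytes copied so a caller can see the clamp. */
size_t copy_tail_checked(char *dst, size_t dstsize, const char *bad, size_t orglen)
{
    size_t badlen = strlen(bad);
    if (orglen > badlen)
        orglen = badlen;             /* offset clamped to the bytes that exist */
    size_t tail = badlen - orglen;
    if (tail >= dstsize)
        tail = dstsize - 1;          /* leave room for the NUL */
    memcpy(dst, bad + orglen, tail);
    dst[tail] = '\0';
    return tail;
}

/* Helper for checking: 1 if the clamped tail of bad at orglen equals expect. */
int tail_equals(const char *bad, size_t orglen, const char *expect)
{
    char longword[MAXWLEN + 1];
    copy_tail_checked(longword, sizeof longword, bad, orglen);
    return strcmp(longword, expect) == 0;
}

int main(void)
{
    /* Constructed input mirroring the report: the one-byte word "\xff" in a 2-byte block. */
    char *bad = malloc(2);
    bad[0] = (char)0xff;
    bad[1] = '\0';
    char longword[MAXWLEN + 1];
    /* orglen 2 models a character length that exceeds the bytes in the word. */
    size_t n = copy_tail_checked(longword, sizeof longword, bad, 2);
    printf("copied %zu tail bytes\n", n);   /* prints "copied 0 tail bytes" */
    free(bad);
    return 0;
}
```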