Hi Dominique,
On Mon, Dec 18, 2017 at 1:42 PM, Dominique Pellé
<[email protected]> wrote:
> This PR fixes a crash (read at address 0) in vim-8.0.1406
> and older reproducible with:
>
> $ vim -u NONE -c 'call setqflist([], " ", {"nr" : $XXX_DOES_NOT_EXIST_XXX})' -cq
> Vim: Caught deadly signal SEGV
> Vim: Finished.
> Segmentation fault (core dumped)
>
> Bug was found using afl-fuzz.
>
> I'm not sure whether the fix is a workaround or a proper fix.
>
> Bug happens when accessing an environment variable which
> does not exist. I wonder whether there could be other similar
> bugs lurking.
>
A similar check is needed in the qf_get_properties() function. Otherwise the
following commands will crash Vim:

    cexpr ""
    echo getqflist({'nr' : $XXX_DOES_NOT_EXIST_XXX})

Regards,
Yegappan
>
> ________________________________
>
> You can view, comment on, or merge this pull request online at:
>
> https://github.com/vim/vim/pull/2464
>
> Commit Summary
>
> Fixed crash in setqflist()
>
> File Changes
>
> M src/quickfix.c (2)
> M src/testdir/test_quickfix.vim (5)
>
> Patch Links:
>
> https://github.com/vim/vim/pull/2464.patch
> https://github.com/vim/vim/pull/2464.diff
>
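An added example, not code from Vim or from either message in this thread: a simplified C model of the check discussed above, in which a string value built from an unset environment variable carries a NULL pointer that must be tested before it is compared. The `value` type, both function names and the `"$"` (last list) convention are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a typed script value. */
typedef enum { VAL_NUMBER, VAL_STRING } val_type;

typedef struct {
    val_type    type;
    long        number;
    const char *string;  /* NULL when the source variable was unset */
} value;

/* Assumed behaviour: getenv() returns NULL for an unset variable and the
 * NULL is stored unchanged inside a string-typed value. */
value value_from_env(const char *name)
{
    value v = { VAL_STRING, 0, getenv(name) };
    return v;
}

/* Map an "nr" argument to an index in [0, count), or -1 if unusable.
 * "$" selecting the last list is an assumption of this model. */
long resolve_list_nr(const value *v, long count)
{
    if (v == NULL || count <= 0)
        return -1;
    if (v->type == VAL_NUMBER)
        return (v->number >= 1 && v->number <= count) ? v->number - 1 : -1;
    /* Test the pointer first: strcmp(NULL, "$") is typically a read at
     * address 0, the crash signature reported in this thread. */
    if (v->type == VAL_STRING && v->string != NULL
            && strcmp(v->string, "$") == 0)
        return count - 1;
    return -1;
}

int main(void)
{
    value unset = value_from_env("XXX_DOES_NOT_EXIST_XXX");
    value last  = { VAL_STRING, 0, "$" };

    printf("unset env -> %ld\n", resolve_list_nr(&unset, 3));
    printf("\"$\"       -> %ld\n", resolve_list_nr(&last, 3));
    return 0;
}
```

Every accessor that reads the same argument needs the same guard, which is the point of the follow-up about qf_get_properties().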