aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-27 04:14:06 -04:00
Code Activity

patch 8.0.0355: using uninitialized memory when 'isfname' is empty

Browse Source 
Problem:    Using uninitialized memory when 'isfname' is empty.
Solution:   Don't call getpwnam() without an argument. (Dominique Pelle,
            closes #1464)
This commit is contained in:
Bram Moolenaar
2017-02-23 17:07:14 +01:00
parent 1c410400fa
commit 187a4f2814
3 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/misc1.c
View File

@@ -4028,15 +4028,12 @@ expand_env_esc(
*/ */
# if defined(HAVE_GETPWNAM) && defined(HAVE_PWD_H) # if defined(HAVE_GETPWNAM) && defined(HAVE_PWD_H)
{ {
struct passwd *pw;
/* Note: memory allocated by getpwnam() is never freed. /* Note: memory allocated by getpwnam() is never freed.
* Calling endpwent() apparently doesn't help. */ * Calling endpwent() apparently doesn't help. */
pw = getpwnam((char *)dst + 1); struct passwd *pw = (*dst == NUL)
if (pw != NULL) ? NULL : getpwnam((char *)dst + 1);
var = (char_u *)pw->pw_dir;
else var = (pw == NULL) ? NULL : (char_u *)pw->pw_dir;
var = NULL;
} }
if (var == NULL) if (var == NULL)
# endif # endif
@@ -9652,7 +9649,7 @@ expand_wildcards(
# endif # endif
if (match_file_list(p_wig, (*files)[i], ffname)) if (match_file_list(p_wig, (*files)[i], ffname))
{ {
/* remove this matching files from the list */ /* remove this matching file from the list */
vim_free((*files)[i]); vim_free((*files)[i]);
for (j = i; j + 1 < *num_files; ++j) for (j = i; j + 1 < *num_files; ++j)
(*files)[j] = (*files)[j + 1]; (*files)[j] = (*files)[j + 1];
@@ -10736,14 +10733,15 @@ has_env_var(char_u *p)
static int has_special_wildchar(char_u *p); static int has_special_wildchar(char_u *p);
/* /*
* Return TRUE if "p" contains a special wildcard character. * Return TRUE if "p" contains a special wildcard character, one that Vim
* Allowing for escaping. * cannot expand, requires using a shell.
*/ */
static int static int
has_special_wildchar(char_u *p) has_special_wildchar(char_u *p)
{ {
for ( ; *p; mb_ptr_adv(p)) for ( ; *p; mb_ptr_adv(p))
{ {
/* Allow for escaping. */
if (*p == '\\' && p[1] != NUL) if (*p == '\\' && p[1] != NUL)
++p; ++p;
else if (vim_strchr((char_u *)SPECIAL_WILDCHAR, *p) != NULL) else if (vim_strchr((char_u *)SPECIAL_WILDCHAR, *p) != NULL)

7
src/testdir/test_options.vim
View File

@@ -22,6 +22,13 @@ function! Test_whichwrap()
set whichwrap& set whichwrap&
endfunction endfunction
function! Test_isfname()
" This used to cause Vim to access uninitialized memory.
set isfname=
call assert_equal("~X", expand("~X"))
set isfname&
endfunction
function Test_options() function Test_options()
let caught = 'ok' let caught = 'ok'
try try

2
src/version.c
View File

@@ -764,6 +764,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
355,
/**/ /**/
354, 354,
/**/ /**/