aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-10-01 04:54:07 -04:00
Code Activity

patch 9.0.1492: using uninitialized memory when argument is missing

Browse Source 
Problem:    Using uninitialized memory when argument is missing.
Solution:   Check there are sufficient arguments before the base.
            (closes #12302)
This commit is contained in:
Bram Moolenaar
2023-04-27 16:24:07 +01:00
parent fbf2071ac9
commit b7f2270bab
5 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/evalfunc.c
View File

@@ -3134,6 +3134,9 @@ call_internal_method(
if (global_functions[fi].f_argtype == FEARG_2) if (global_functions[fi].f_argtype == FEARG_2)
{ {
if (argcount < 1)
return FCERR_TOOFEW;
// base value goes second // base value goes second
argv[0] = argvars[0]; argv[0] = argvars[0];
argv[1] = *basetv; argv[1] = *basetv;
@@ -3142,6 +3145,9 @@ call_internal_method(
} }
else if (global_functions[fi].f_argtype == FEARG_3) else if (global_functions[fi].f_argtype == FEARG_3)
{ {
if (argcount < 2)
return FCERR_TOOFEW;
// base value goes third // base value goes third
argv[0] = argvars[0]; argv[0] = argvars[0];
argv[1] = argvars[1]; argv[1] = argvars[1];
@@ -3151,6 +3157,9 @@ call_internal_method(
} }
else if (global_functions[fi].f_argtype == FEARG_4) else if (global_functions[fi].f_argtype == FEARG_4)
{ {
if (argcount < 3)
return FCERR_TOOFEW;
// base value goes fourth // base value goes fourth
argv[0] = argvars[0]; argv[0] = argvars[0];
argv[1] = argvars[1]; argv[1] = argvars[1];

3
src/testdir/test_expr.vim
View File

@@ -458,6 +458,9 @@ func Test_printf_misc()
call v9.CheckLegacyAndVim9Success(lines) call v9.CheckLegacyAndVim9Success(lines)
call v9.CheckLegacyAndVim9Failure(["call printf('123', 3)"], "E767:") call v9.CheckLegacyAndVim9Failure(["call printf('123', 3)"], "E767:")
" this was using uninitialized memory
call v9.CheckLegacyAndVim9Failure(["eval ''->printf()"], "E119:")
endfunc endfunc
func Test_printf_float() func Test_printf_float()

2
src/testdir/test_listener.vim
View File

@@ -212,6 +212,8 @@ func Test_listener_args()
call assert_fails('call listener_add([])', 'E921:') call assert_fails('call listener_add([])', 'E921:')
call assert_fails('call listener_add("s:StoreListArgs", [])', 'E730:') call assert_fails('call listener_add("s:StoreListArgs", [])', 'E730:')
call assert_fails('call listener_flush([])', 'E730:') call assert_fails('call listener_flush([])', 'E730:')
call assert_fails('eval ""->listener_add()', 'E119:')
endfunc endfunc
func s:StoreBufList(buf, start, end, added, list) func s:StoreBufList(buf, start, end, added, list)

2
src/version.c
View File

@@ -695,6 +695,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1492,
/**/ /**/
1491, 1491,
/**/ /**/

8
src/vim9instr.c
View File

@@ -1626,8 +1626,14 @@ check_internal_func_args(
if (method_call && argoff > 1) if (method_call && argoff > 1)
{ {
isn_T *isn = generate_instr(cctx, ISN_SHUFFLE); if (argcount < argoff)
{
semsg(_(e_not_enough_arguments_for_function_str),
internal_func_name(func_idx));
return FAIL;
}
isn_T *isn = generate_instr(cctx, ISN_SHUFFLE);
if (isn == NULL) if (isn == NULL)
return FAIL; return FAIL;
isn->isn_arg.shuffle.shfl_item = argcount; isn->isn_arg.shuffle.shfl_item = argcount;