diff options
| author | Bram Moolenaar <Bram@vim.org> | 2017-02-23 17:07:14 +0100 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2017-02-23 17:07:14 +0100 |
| commit | 187a4f28140f10ff833862be7e3ef823d317e1c7 (patch) | |
| tree | c0646d162d24d7ea01279a1563324be2b0b3d999 | |
| parent | 1c410400fad79068b16dc4c6c7a023463a0858cf (diff) | |
| download | vim-git-187a4f28140f10ff833862be7e3ef823d317e1c7.tar.gz | |
patch 8.0.0355: using uninitialized memory when 'isfname' is emptyv8.0.0355
Problem: Using uninitialized memory when 'isfname' is empty.
Solution: Don't call getpwnam() without an argument. (Dominique Pelle,
closes #1464)
| -rw-r--r-- | src/misc1.c | 18 | ||||
| -rw-r--r-- | src/testdir/test_options.vim | 7 | ||||
| -rw-r--r-- | src/version.c | 2 |
3 files changed, 17 insertions, 10 deletions
diff --git a/src/misc1.c b/src/misc1.c index 17779ba0b..9f867266f 100644 --- a/src/misc1.c +++ b/src/misc1.c @@ -4028,15 +4028,12 @@ expand_env_esc( */ # if defined(HAVE_GETPWNAM) && defined(HAVE_PWD_H) { - struct passwd *pw; - /* Note: memory allocated by getpwnam() is never freed. * Calling endpwent() apparently doesn't help. */ - pw = getpwnam((char *)dst + 1); - if (pw != NULL) - var = (char_u *)pw->pw_dir; - else - var = NULL; + struct passwd *pw = (*dst == NUL) + ? NULL : getpwnam((char *)dst + 1); + + var = (pw == NULL) ? NULL : (char_u *)pw->pw_dir; } if (var == NULL) # endif @@ -9652,7 +9649,7 @@ expand_wildcards( # endif if (match_file_list(p_wig, (*files)[i], ffname)) { - /* remove this matching files from the list */ + /* remove this matching file from the list */ vim_free((*files)[i]); for (j = i; j + 1 < *num_files; ++j) (*files)[j] = (*files)[j + 1]; @@ -10736,14 +10733,15 @@ has_env_var(char_u *p) static int has_special_wildchar(char_u *p); /* - * Return TRUE if "p" contains a special wildcard character. - * Allowing for escaping. + * Return TRUE if "p" contains a special wildcard character, one that Vim + * cannot expand, requires using a shell. */ static int has_special_wildchar(char_u *p) { for ( ; *p; mb_ptr_adv(p)) { + /* Allow for escaping. */ if (*p == '\\' && p[1] != NUL) ++p; else if (vim_strchr((char_u *)SPECIAL_WILDCHAR, *p) != NULL) diff --git a/src/testdir/test_options.vim b/src/testdir/test_options.vim index 9ac46f243..11466dc16 100644 --- a/src/testdir/test_options.vim +++ b/src/testdir/test_options.vim @@ -22,6 +22,13 @@ function! Test_whichwrap() set whichwrap& endfunction +function! Test_isfname() + " This used to cause Vim to access uninitialized memory. + set isfname= + call assert_equal("~X", expand("~X")) + set isfname& +endfunction + function Test_options() let caught = 'ok' try diff --git a/src/version.c b/src/version.c index 9494e0327..64e11118b 100644 --- a/src/version.c +++ b/src/version.c @@ -765,6 +765,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 355, +/**/ 354, /**/ 353, |