Dominique Pelle wrote:
> > > Hi,
> > >
> > > Valgrind memory checker finds several errors in vim-7.1 (patches 1-50)
> > > when built with --enable-multibyte:
> > >
> > > $ ./configure --enable-multibyte
> > > $ make CFLAGS="-O0 -g"
> > > $ cd src/testdir
> > > $ valgrind ../vim -u unix.vim -U NONE --noplugin -s dotest.in
> > > test45.in 2> valgrind-test45.txt
> > ...
> > It's a lot of work to check out the warnings, so please make sure there
> > are no false warnings.
>
> I believe I have a patch to fix errors reported by valgrind in test case 45
> but please review it.
>
> Error was:
>
> ==14428== Conditional jump or move depends on uninitialised value(s)
> ==14428==    at 0x80FDD10: utfc_ptr2len (mbyte.c:1676)
> ==14428==    by 0x813EB6B: win_line (screen.c:3586)
> ==14428==    by 0x813BBF0: win_update (screen.c:1760)
> ==14428==    by 0x8139FFE: update_screen (screen.c:522)
> ==14428==    by 0x80CD1CF: main_loop (main.c:1088)
> ==14428==    by 0x80CCF72: main (main.c:939)
> etc.
>
> Variable p_extra at screen.c:3586 was initialized by fill_foldcolumn()
> with 'foldcolumn' spaces (3 spaces in test case 45). 'p_extra' pointer
> is actually in this case the local 'extra' array. The rest of 'p_extra'
> buffer is uninitialized. vim_line() then loops on those 3 spaces but
> accesses the next characters inside utfc_ptr2len() when multi_byte
> is enabled, hence causing valgrind to complain when displaying
> the last space.
>
> Bug can be simply triggered when doing ":set foldcolumn" and when
> vim was built 'multi_byte'. The following command is enough to trigger
> an error with valgrind:
>
> $ vim -u NONE -c 'set foldcolumn=4' 2> valgrind.log
>
> I attach the patch to fix the problem. It basically adds a NUL character
> at the end of 'foldcolumn' spaces when. This patch actually fixes all errors
> reported by valgrind in test case 45.
>
> Without patch, behavior of calling utfc_ptr2len() at line screen.c:3586
> may be undetermined. It's also slower since it may need to call
> utf_ptr2len() whereas with patch, function utfc_ptr2len() returns
> immediately at mbyte.c:1676.

Thanks for digging into this. I spotted a few other places where p_extra
may point to text that is not NUL terminated and where utfc_ptr2len() may
not work correctly. That won't give an uninitialized read error, but it
may still be wrong.

-- 
From "know your smileys":
 =):-)   Uncle Sam

 /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net   \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
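A small C model of the bug and the fix discussed in this thread, added here as an illustration and not code from Vim or from the patch: fill_foldcolumn() writes the spaces into a local buffer, a composing-aware length function (model_utfc_ptr2len, an assumed simplification, not Vim's utfc_ptr2len()) reads the byte after the last space, and a constructed pair of stale bytes stands in for the uninitialised stack contents valgrind complained about. The names model_utfc_ptr2len, last_space_len and the stale bytes are assumptions made for this example.

```c
#include <string.h>
#define FOLDCOLUMN 3   /* 'foldcolumn' width used in test 45 */

/* Byte length of the UTF-8 sequence starting at p. */
static int utf8_char_len(const unsigned char *p)
{
    if (p[0] < 0x80) return 1;
    if ((p[0] & 0xE0) == 0xC0) return 2;
    if ((p[0] & 0xF0) == 0xE0) return 3;
    return 4;
}

/* U+0300..U+036F (combining diacritics) encode as CC 80..CD AF. */
static int is_combining(const unsigned char *p)
{
    return p[0] == 0xCC || (p[0] == 0xCD && p[1] <= 0xAF);
}

/* Model of a composing-aware length function (not Vim's utfc_ptr2len()):
 * after the base character it keeps reading to attach combining marks,
 * so on the last space it looks at the byte after the fill. */
int model_utfc_ptr2len(const unsigned char *p)
{
    int len;
    if (p[0] == 0) return 0;
    len = utf8_char_len(p);
    while (is_combining(p + len))
        len += utf8_char_len(p + len);
    return len;
}

/* Fill the fold column with spaces; 'terminate' adds the NUL the patch adds. */
void fill_foldcolumn(unsigned char *buf, int width, int terminate)
{
    memset(buf, ' ', width);
    if (terminate) buf[width] = 0;
}

/* Length reported for the last space of the fold column. */
int last_space_len(int terminate)
{
    unsigned char extra[16];
    /* Constructed stale bytes standing in for uninitialised stack contents:
     * a leftover U+0301 (CC 81) right after the spaces. */
    memset(extra, 0, sizeof extra);
    extra[FOLDCOLUMN] = 0xCC;
    extra[FOLDCOLUMN + 1] = 0x81;
    fill_foldcolumn(extra, FOLDCOLUMN, terminate);
    return model_utfc_ptr2len(extra + FOLDCOLUMN - 1);
}
```

Without the terminating NUL the last space is reported as 3 bytes long because the stale bytes are taken as a combining mark; with it the function stops at the NUL and reports 1.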
