Dominique Pelle wrote:
> Valgrind memory checker detects a bug when entering the command ":cs find g".
> (requires support for cscope in vim)
>
> ==19660== Conditional jump or move depends on uninitialised value(s)
> ==19660== at 0x80D27F4: cs_find (if_cscope.c:969)
> ==19660== by 0x80D13E6: do_cscope_general (if_cscope.c:135)
> ==19660== by 0x80D1415: do_cscope (if_cscope.c:150)
> ==19660== by 0x809A1FB: do_one_cmd (ex_docmd.c:2622)
> ==19660== by 0x8097B18: do_cmdline (ex_docmd.c:1100)
> ==19660== by 0x8113F5C: nv_colon (normal.c:5168)
> ==19660== by 0x810E0B3: normal_cmd (normal.c:1141)
> ==19660== by 0x80D5939: main_loop (main.c:1180)
> ==19660== by 0x80D554D: main (main.c:939)
>
> Relevant code in if_cscope.c is:
>
> 951 cs_find(eap)
> 952 exarg_T *eap;
> 953 {
> 954 char *opt, *pat;
> 955
> 956 if (cs_check_for_connections() == FALSE)
> 957 {
> 958 (void)EMSG(_("E567: no cscope connections"));
> 959 return FALSE;
> 960 }
> 961
> 962 if ((opt = strtok((char *)NULL, (const char *)" ")) == NULL)
> 963 {
> 964 cs_usage_msg(Find);
> 965 return FALSE;
> 966 }
> 967
> 968 pat = opt + strlen(opt) + 1;
> !! 969 if (pat == NULL || (pat != NULL && pat[0] == '\0'))
> 970 {
> 971 cs_usage_msg(Find);
> 972 return FALSE;
> 973 }
> 974
> 975 return cs_find_common(opt, pat, eap->forceit, TRUE,
> 976 eap->cmdidx == CMD_lcscope);
> 977 } /* cs_find */
>
> Vim accesses uninitialized memory after the string ":cs find g"
> at line 969. As a result, it may display usage or may call
> (incorrectly) cs_find_common().
>
> Bug happens because command ":cs find g" is illegal (pattern
> to search is missing). Correct command would be something like
> ":cs find some_pattern". However, entering an incorrect command
> should not cause vim to to access uninitialized memory. It
> should display the usage of command.
>
> I attach a patch which fixes it. It calls strtok() another time
> to find the pattern after "cs find g". Note that patch changes
> the behavior slightly when entering several spaces before pattern.
> With patch, ":cs find pattern" will search for "pattern".
> Without patch, ":cs find pattern" will search for " pattern".
> I'm not sure whether that's a better behavior or not. I personally
> prefer behavior after patch. At least it fixes the access to
> uninitialized memory. If original behavior must be preserved,
> then bug needs to be fixed differently.
>
> I was using vim-7.1 (patches 1-79) built with +cscope feature
> on Linux x86.
Thanks for locating this problem and suggesting a solution.
I don't think that skipping white space before the pattern is a problem.
I would rather call it an improvement. However, I think your solution
also has the effect that it's not possible to have a space in the
pattern. That is undesired.
Can you try that this is solved by passing an empty string to strtok()?
An alternative is to do away with strtok() and use skipwhite() and
skiptowhite(). That avoids the need to duplicate "opt".
--
Press any key to continue, press any other key to quit.
/// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
