Dominique wrote:

> test3 gives these valgrind errors:
>
> ==14603== Memcheck, a memory error detector
> ==14603== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
> ==14603== Using Valgrind-3.9.0.SVN and LibVEX; rerun with -h for copyright info
> ==14603== Command: ../vim -u unix.vim -U NONE --noplugin -s dotest.in test3.in
> ==14603==
> ==14603== Invalid read of size 1
> ==14603==    at 0x516CA0: cin_skipcomment (misc1.c:5428)
> ==14603==    by 0x518846: cin_has_js_key (misc1.c:5522)
> ==14603==    by 0x5146EC: get_c_indent (misc1.c:7588)
> ==14603==    by 0x54AEE8: op_reindent (ops.c:704)
> ==14603==    by 0x539DD7: do_pending_operator (normal.c:1993)
> ==14603==    by 0x537709: normal_cmd (normal.c:1189)
> ==14603==    by 0x673358: main_loop (main.c:1326)
> ==14603==    by 0x66F50F: main (main.c:1026)
> ==14603==  Address 0xe89ba22 is 0 bytes after a block of size 2 alloc'd
> ==14603==    at 0x4C2A45D: malloc (vg_replace_malloc.c:291)
> ==14603==    by 0x51F000: lalloc (misc2.c:921)
> ==14603==    by 0x51EF97: alloc (misc2.c:820)
> ==14603==    by 0x51F6C7: vim_strsave (misc2.c:1245)
> ==14603==    by 0x513058: get_c_indent (misc1.c:7047)
> ==14603==    by 0x54AEE8: op_reindent (ops.c:704)
> ==14603==    by 0x539DD7: do_pending_operator (normal.c:1993)
> ==14603==    by 0x537709: normal_cmd (normal.c:1189)
> ==14603==    by 0x673358: main_loop (main.c:1326)
> ==14603==    by 0x66F50F: main (main.c:1026)
> ==14603==
> ==14603== Invalid read of size 1
> ==14603==    at 0x518851: cin_has_js_key (misc1.c:5525)
> ==14603==    by 0x5146EC: get_c_indent (misc1.c:7588)
> ==14603==    by 0x54AEE8: op_reindent (ops.c:704)
> ==14603==    by 0x539DD7: do_pending_operator (normal.c:1993)
> ==14603==    by 0x537709: normal_cmd (normal.c:1189)
> ==14603==    by 0x673358: main_loop (main.c:1326)
> ==14603==    by 0x66F50F: main (main.c:1026)
> ==14603==  Address 0xe89ba22 is 0 bytes after a block of size 2 alloc'd
> ==14603==    at 0x4C2A45D: malloc (vg_replace_malloc.c:291)
> ==14603==    by 0x51F000: lalloc (misc2.c:921)
> ==14603==    by 0x51EF97: alloc (misc2.c:820)
> ==14603==    by 0x51F6C7: vim_strsave (misc2.c:1245)
> ==14603==    by 0x513058: get_c_indent (misc1.c:7047)
> ==14603==    by 0x54AEE8: op_reindent (ops.c:704)
> ==14603==    by 0x539DD7: do_pending_operator (normal.c:1993)
> ==14603==    by 0x537709: normal_cmd (normal.c:1189)
> ==14603==    by 0x673358: main_loop (main.c:1326)
> ==14603==    by 0x66F50F: main (main.c:1026)
>
> misc1.c:
>
> 5501     static int
> 5502 cin_has_js_key(text)
> 5503     char_u *text;
> 5504 {
> ....
> 5517     while (vim_isIDc(*s))
> 5518         ++s;
> 5519     if (*s == quote)
> 5520         ++s;
> 5521
> 5522     s = cin_skipcomment(s);
>
> Function cin_has_js_key(...) is called
> with input string text="3". At line 5517,
> s is "3", so line 5518 increments s and
> s then points to the end of string s="".
> Since quote=0 (default value), line 5520
> is executed and s then points 1 byte
> beyond the end of string, and line 5522
> then accesses memory beyond the end
> of string.
>
> Attached patch fixes it by initializing
> quote variable default value to
> -1 instead of 0.

Thanks!

-- 
Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net
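
The off-by-one described in the quoted report, as an added example that is not part of the original thread and is not Vim's source: a simplified model of the quoted scan that returns the cursor offset instead of dereferencing it, so the effect of a default of 0 versus -1 can be compared safely. The names `key_scan_end` and `is_id_char`, the ASCII stand-in for `vim_isIDc()`, and the opening-quote handling are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for Vim's vim_isIDc(); assumption: ASCII identifier characters. */
static int is_id_char(int c)
{
    return isalnum(c) || c == '_';
}

/*
 * Simplified model of the scan quoted from cin_has_js_key() (hypothetical
 * helper). Returns the offset the cursor has reached at the point where
 * cin_skipcomment() would be called. quote_default is the value "quote"
 * holds when the text does not start with a quote character.
 */
static size_t key_scan_end(const char *text, int quote_default)
{
    size_t i = 0;
    int quote = quote_default;

    /* Assumed: an opening ' or " is remembered as the expected closer. */
    if (text[i] == '\'' || text[i] == '"')
        quote = (unsigned char)text[i++];

    while (is_id_char((unsigned char)text[i]))
        ++i;
    /* With quote == 0 this comparison also matches the terminating NUL. */
    if ((unsigned char)text[i] == quote)
        ++i;
    return i;
}

int main(void)
{
    /* Constructed sample inputs; "3" is the case from the report. */
    const char *samples[] = { "3", "key", "'key'", "\"key\": 1" };

    for (size_t n = 0; n < sizeof samples / sizeof *samples; n++) {
        size_t len = strlen(samples[n]);
        size_t before = key_scan_end(samples[n], 0);
        size_t after = key_scan_end(samples[n], -1);

        printf("%-10s len=%zu  quote=0 -> %zu%s  quote=-1 -> %zu\n",
               samples[n], len, before,
               before > len ? " (past NUL)" : "", after);
    }
    return 0;
}
```

An offset greater than the string length means the next dereference lands past the terminating NUL, which is the "0 bytes after a block of size 2" read Memcheck reports for "3".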