Hi,
2016-4-17(Sun) 19:45:47 UTC+9 h_east:
> Hi Bram and Dominique,
>
> 2016-4-17(Sun) 17:59:01 UTC+9 Bram Moolenaar:
> > Dominique wrote:
> >
> > > afl-fuzz found a case that causes Vim-7.4.1748 and older
> > > to crash (STRLEN called with NULL pointer):
> > >
> > > $ vim -u NONE -c 'set notgst|ptag x'
> > > Vim: Caught deadly signal SEGV
> > > Vim: Finished.
> > > Segmentation fault (core dumped)
> > >
> > > Stack trace in gdb:
> > >
> > > Program received signal SIGSEGV, Segmentation fault.
> > > strlen () at ../sysdeps/x86_64/strlen.S:106
> > > 106 ../sysdeps/x86_64/strlen.S: No such file or directory.
> > > (gdb) bt
> > > #0 strlen () at ../sysdeps/x86_64/strlen.S:106
> > > #1 0x00000000004e9b80 in vim_strsave (string=0x0) at misc2.c:1252
> > > #2 0x00000000005b8a9a in do_tag (tag=0x88d505 "x", type=1, count=1,
> > > forceit=0, verbose=1) at tag.c:508
> > > #3 0x0000000000480ce7 in ex_tag_cmd (eap=0x7fffffffda80,
> > > name=0x600182 "tag") at ex_docmd.c:10263
> > > #4 0x0000000000480aa6 in ex_ptag (eap=0x7fffffffda80) at ex_docmd.c:10166
> > > #5 0x00000000004744c4 in do_one_cmd (cmdlinep=0x7fffffffdba0,
> > > sourcing=1, cstack=0x7fffffffdc90, fgetline=0x0, cookie=0x0) at
> > > ex_docmd.c:2921
> > > #6 0x00000000004711b2 in do_cmdline (cmdline=0x7fffffffe6de "set
> > > notgst|ptag x", fgetline=0x0, cookie=0x0, flags=11) at ex_docmd.c:1107
> > > #7 0x00000000004707ee in do_cmdline_cmd (cmd=0x7fffffffe6de "set
> > > notgst|ptag x") at ex_docmd.c:712
> > > #8 0x00000000005f0d3a in exe_commands (parmp=0x7fffffffe1e0) at
> > > main.c:2933
> > > #9 0x00000000005ee2a2 in main (argc=5, argv=0x7fffffffe428) at main.c:955
> >
> > Thanks. You don't know how to fix it?
>
> The attached patch may fix this issue.
> Please review it.
> If it looks good, I would write a test later.
Updated the patch (added a test).
Please check it.
--
Best regards,
Hirohito Higashi (a.k.a. h_east)
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
diff --git a/src/Makefile b/src/Makefile
index 195cbd5..b24c210 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -2042,6 +2042,7 @@ test_arglist \
test_syn_attr \
test_syntax \
test_tabline \
+ test_tagjump \
test_timers \
test_undolevels \
test_unlet \
diff --git a/src/tag.c b/src/tag.c
index 4224c6f..8f4495e 100644
--- a/src/tag.c
+++ b/src/tag.c
@@ -200,6 +200,14 @@ do_tag(
{
use_tagstack = FALSE;
new_tag = TRUE;
+#if defined(FEAT_WINDOWS) && defined(FEAT_QUICKFIX)
+ if (g_do_tagpreview != 0)
+ {
+ vim_free(ptag_entry.tagname);
+ if ((ptag_entry.tagname = vim_strsave(tag)) == NULL)
+ goto end_do_tag;
+ }
+#endif
}
else
{
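Review bot: the new block at the start of the `use_tagstack = FALSE` path needs a comment saying why ptag_entry.tagname has to be set here, because the reason is only visible from the crash report in the thread: with 'tagstack' off, the tagstack code that normally fills in the preview entry is skipped, and do_tag() later reaches tag.c:508 and hands a NULL pointer to vim_strsave() (the strlen(NULL) in the backtrace). A one-line comment such as "Save the tag name for the preview window; the tagstack code below is not run when 'tagstack' is off" would make the intent clear to the next reader. Please also confirm that `goto end_do_tag` is safe this early in do_tag(): the cleanup at that label must not rely on state that is only initialised further down in the function.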
diff --git a/src/testdir/test_alot.vim b/src/testdir/test_alot.vim
index 5637a8e..cb37771 100644
--- a/src/testdir/test_alot.vim
+++ b/src/testdir/test_alot.vim
@@ -27,6 +27,7 @@ source test_sort.vim
source test_statusline.vim
source test_syn_attr.vim
source test_tabline.vim
+source test_tagjump.vim
source test_timers.vim
source test_undolevels.vim
source test_unlet.vim
diff --git a/src/testdir/test_tagjump.vim b/src/testdir/test_tagjump.vim
new file mode 100644
index 0000000..6d8694f
--- /dev/null
+++ b/src/testdir/test_tagjump.vim
@@ -0,0 +1,9 @@
+" Tests for tagjump (tags and special searches)
+
+" SEGV occurs in older versions. (At least 7.4.1748 or older)
+func Test_ptag_with_notagstack()
+ set notagstack
+ call assert_fails('ptag does_not_exist_tag_name', 'E426')
+ set tagstack&vim
+endfunc
+" vim: ts=2 sw=2 et
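Review bot: the test should be skipped on builds that lack the features it exercises. The fix in tag.c is compiled only under `#if defined(FEAT_WINDOWS) && defined(FEAT_QUICKFIX)`, and :ptag itself is only available with those features, so on a build without them this test will fail with a different error than E426 instead of being skipped. Add a guard at the top of Test_ptag_with_notagstack(), for example `if !has('quickfix') || !has('windows') | return | endif`, before `set notagstack`. Restoring the option with `set tagstack&vim` rather than saving and restoring the previous value is fine for this test since it runs in a fresh Vim, but note it in the comment if other tests in this file will later depend on 'tagstack'.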