changeset 10932:141fe140976c v8.0.0355

patch 8.0.0355: using uninitialized memory when 'isfname' is empty commit https://github.com/vim/vim/commit/187a4f28140f10ff833862be7e3ef823d317e1c7 Author: Bram Moolenaar <Bram@vim.org> Date: Thu Feb 23 17:07:14 2017 +0100 patch 8.0.0355: using uninitialized memory when 'isfname' is empty Problem: Using uninitialized memory when 'isfname' is empty. Solution: Don't call getpwnam() without an argument. (Dominique Pelle, closes #1464)
author Christian Brabandt <cb@256bit.org>
date Thu, 23 Feb 2017 17:15:04 +0100
parents 1f6cfd495a17
children 54b0c4aecfa7
files src/misc1.c src/testdir/test_options.vim src/version.c
diffstat 3 files changed, 17 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/src/misc1.c
+++ b/src/misc1.c
@@ -4028,15 +4028,12 @@ expand_env_esc(
 		 */
 #  if defined(HAVE_GETPWNAM) && defined(HAVE_PWD_H)
 		{
-		    struct passwd *pw;
-
 		    /* Note: memory allocated by getpwnam() is never freed.
 		     * Calling endpwent() apparently doesn't help. */
-		    pw = getpwnam((char *)dst + 1);
-		    if (pw != NULL)
-			var = (char_u *)pw->pw_dir;
-		    else
-			var = NULL;
+		    struct passwd *pw = (*dst == NUL)
+					? NULL : getpwnam((char *)dst + 1);
+
+		    var = (pw == NULL) ? NULL : (char_u *)pw->pw_dir;
 		}
 		if (var == NULL)
 #  endif
@@ -9652,7 +9649,7 @@ expand_wildcards(
 # endif
 	    if (match_file_list(p_wig, (*files)[i], ffname))
 	    {
-		/* remove this matching files from the list */
+		/* remove this matching file from the list */
 		vim_free((*files)[i]);
 		for (j = i; j + 1 < *num_files; ++j)
 		    (*files)[j] = (*files)[j + 1];
@@ -10736,14 +10733,15 @@ has_env_var(char_u *p)
 static int has_special_wildchar(char_u *p);
 
 /*
- * Return TRUE if "p" contains a special wildcard character.
- * Allowing for escaping.
+ * Return TRUE if "p" contains a special wildcard character, one that Vim
+ * cannot expand, requires using a shell.
  */
     static int
 has_special_wildchar(char_u *p)
 {
     for ( ; *p; mb_ptr_adv(p))
     {
+	/* Allow for escaping. */
 	if (*p == '\\' && p[1] != NUL)
 	    ++p;
 	else if (vim_strchr((char_u *)SPECIAL_WILDCHAR, *p) != NULL)
--- a/src/testdir/test_options.vim
+++ b/src/testdir/test_options.vim
@@ -22,6 +22,13 @@ function! Test_whichwrap()
   set whichwrap&
 endfunction
 
+function! Test_isfname()
+  " This used to cause Vim to access uninitialized memory.
+  set isfname=
+  call assert_equal("~X", expand("~X"))
+  set isfname&
+endfunction
+
 function Test_options()
   let caught = 'ok'
   try
--- a/src/version.c
+++ b/src/version.c
@@ -765,6 +765,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    355,
+/**/
     354,
 /**/
     353,