changeset 13066:617112037564 v8.0.1408

patch 8.0.1408: crash in setqflist() commit https://github.com/vim/vim/commit/a0ca7d002d4efcf4bce0af6943146a339677ed3d Author: Bram Moolenaar <Bram@vim.org> Date: Tue Dec 19 10:22:19 2017 +0100 patch 8.0.1408: crash in setqflist() Problem: Crash in setqflist(). Solution: Check for string to be NULL. (Dominique Pelle, closes https://github.com/vim/vim/issues/2464)
author Christian Brabandt <cb@256bit.org>
date Tue, 19 Dec 2017 10:30:05 +0100
parents c576bdd0edfa
children 90405f52088a
files src/quickfix.c src/testdir/test_quickfix.vim src/version.c
diffstat 3 files changed, 21 insertions(+), 3 deletions(-) [+]
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -4930,8 +4930,9 @@ qf_get_properties(win_T *wp, dict_T *wha
 			qf_idx = -1;
 		}
 	    }
-	    else if ((di->di_tv.v_type == VAR_STRING)
-		    && (STRCMP(di->di_tv.vval.v_string, "$") == 0))
+	    else if (di->di_tv.v_type == VAR_STRING
+			    && di->di_tv.vval.v_string != NULL
+			    && STRCMP(di->di_tv.vval.v_string, "$") == 0)
 		/* Get the last quickfix list number */
 		qf_idx = qi->qf_listcount - 1;
 	    else
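Review bot: The added `di->di_tv.vval.v_string != NULL` guard in the `nr` handling of qf_get_properties() has no comment explaining why a VAR_STRING value can carry a NULL pointer, and the same open-coded guard is repeated in the qf_set_properties() hunk below. A short comment at both sites, for example `/* v_string may be NULL (empty string, e.g. from an unset $VAR) */`, would keep a later cleanup from removing the check as redundant. Both functions start and end outside their hunks, so any other `v_string` use in them is not visible here. Since the dictionary comes straight from script arguments, those other uses are worth checking for the same NULL case.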
@@ -5226,7 +5227,8 @@ qf_set_properties(qf_info_T *qi, dict_T 
 		newlist = FALSE;	/* use the specified list */
 	}
 	else if (di->di_tv.v_type == VAR_STRING
-		&& STRCMP(di->di_tv.vval.v_string, "$") == 0)
+			&& di->di_tv.vval.v_string != NULL
+			&& STRCMP(di->di_tv.vval.v_string, "$") == 0)
 	{
 	    if (qi->qf_listcount > 0)
 		qf_idx = qi->qf_listcount - 1;
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -1428,6 +1428,11 @@ func XquickfixSetListWithAct(cchar)
   call assert_fails("call g:Xsetlist(list1, 0)", 'E928:')
 endfunc
 
+func Test_setqflist_invalid_nr()
+  " The following command used to crash Vim
+  call setqflist([], ' ', {'nr' : $XXX_DOES_NOT_EXIST})
+endfunc
+
 func Test_quickfix_set_list_with_act()
   call XquickfixSetListWithAct('c')
   call XquickfixSetListWithAct('l')
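Review bot: Test_setqflist_invalid_nr() only shows that Vim survives the call; it asserts nothing about the return value or the quickfix stack afterwards, and Test_getqflist_invalid_nr() in the next hunk has the same gap. Capturing each call's result and asserting on it would pin down how an empty 'nr' is treated, not just that it no longer crashes. The tests depend on the environment variable being unset, presumably because that produces the NULL string, so a comment such as `" An unset environment variable gives 'nr' a NULL string value` would record why it is used. The two tests also spell the variable differently (`$XXX_DOES_NOT_EXIST` and `$XXX_DOES_NOT_EXIST_XXX`), and only the second resets the list with `call setqflist([], 'r')`.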
@@ -2946,6 +2951,15 @@ func Test_getqflist()
   call Xgetlist_empty_tests('l')
 endfunc
 
+func Test_getqflist_invalid_nr()
+  " The following commands used to crash Vim
+  cexpr ""
+  call getqflist({'nr' : $XXX_DOES_NOT_EXIST_XXX})
+
+  " Cleanup
+  call setqflist([], 'r')
+endfunc
+
 " Tests for the quickfix/location list changedtick
 func Xqftick_tests(cchar)
   call s:setup_commands(a:cchar)
--- a/src/version.c
+++ b/src/version.c
@@ -772,6 +772,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1408,
+/**/
     1407,
 /**/
     1406,