changeset 10896:d513b653f5d0 v8.0.0337

patch 8.0.0337: invalid memory access in :recover command commit https://github.com/vim/vim/commit/c525e3a1c20f6b5d9809c8b84f80090a8e416c92 Author: Bram Moolenaar <Bram@vim.org> Date: Sat Feb 18 16:59:02 2017 +0100 patch 8.0.0337: invalid memory access in :recover command Problem: Invalid memory access in :recover command. Solution: Avoid access before directory name. (Dominique Pelle, closes #1488)
author Christian Brabandt <cb@256bit.org>
date Sat, 18 Feb 2017 17:00:05 +0100
parents c391bfbdb452
children a0cafa8cf121
files src/Makefile src/memline.c src/testdir/test_alot.vim src/testdir/test_recover.vim src/version.c
diffstat 5 files changed, 26 insertions(+), 4 deletions(-) [+]
--- a/src/Makefile
+++ b/src/Makefile
@@ -2177,6 +2177,7 @@ test_arglist \
 	test_pyx2 \
 	test_pyx3 \
 	test_quickfix \
+	test_recover \
 	test_regexp_latin \
 	test_regexp_utf8 \
 	test_reltime \
--- a/src/memline.c
+++ b/src/memline.c
@@ -1863,8 +1863,10 @@ recover_names(
 	    else
 	    {
 #if defined(UNIX) || defined(WIN3264)
-		p = dir_name + STRLEN(dir_name);
-		if (after_pathsep(dir_name, p) && p[-1] == p[-2])
+		int	len = STRLEN(dir_name);
+
+		p = dir_name + len;
+		if (after_pathsep(dir_name, p) && len > 1 && p[-1] == p[-2])
 		{
 		    /* Ends with '//', Use Full path for swap name */
 		    tail = make_percent_swname(dir_name, fname_res);
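Review bot: The new `len > 1` guard in recover_names() is the only thing keeping `p[-2]` from reading one byte before `dir_name` when the directory is a single separator such as "/", but nothing at the site says so. A short comment such as `/* len > 1: p[-2] must stay inside dir_name, e.g. when 'dir' is "/" */` would keep a later cleanup from dropping the guard. `STRLEN()` (a strlen wrapper, as far as I can tell) is assigned to an `int` without a cast, so `int len = (int)STRLEN(dir_name);` or a `size_t` would make the narrowing explicit. Both points apply equally to the identical change in makeswapname() in the next hunk, and since the check is now duplicated, a small shared helper for "ends with a doubled path separator" may be worth considering. Both function bodies start and end outside the hunks.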
@@ -3922,8 +3924,10 @@ makeswapname(
 #endif
 
 #if defined(UNIX) || defined(WIN3264)  /* Need _very_ long file names */
-    s = dir_name + STRLEN(dir_name);
-    if (after_pathsep(dir_name, s) && s[-1] == s[-2])
+    int		len = STRLEN(dir_name);
+
+    s = dir_name + len;
+    if (after_pathsep(dir_name, s) && len > 1 && s[-1] == s[-2])
     {			       /* Ends with '//', Use Full path */
 	r = NULL;
 	if ((s = make_percent_swname(dir_name, fname)) != NULL)
--- a/src/testdir/test_alot.vim
+++ b/src/testdir/test_alot.vim
@@ -34,6 +34,7 @@ source test_messages.vim
 source test_partial.vim
 source test_popup.vim
 source test_put.vim
+source test_recover.vim
 source test_reltime.vim
 source test_searchpos.vim
 source test_set.vim
new file mode 100644
--- /dev/null
+++ b/src/testdir/test_recover.vim
@@ -0,0 +1,14 @@
+" Test :recover
+
+func Test_recover_root_dir()
+  " This used to access invalid memory.
+  split Xtest
+  set dir=/
+  call assert_fails('recover', 'E305:')
+  close!
+
+  call assert_fails('split Xtest', 'E303:')
+  set dir&
+endfunc
+
+" TODO: move recover tests from test78.in to here.
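Review bot: The second assertion in Test_recover_root_dir(), `call assert_fails('split Xtest', 'E303:')`, only holds when the account running the tests cannot create files in `/`. Under root, which is common in container-based CI, the swap file would presumably be created, so the assertion would fail and leave a stray swap file and an open window behind. It would be safer to skip that assertion when `/` is writable, for example by guarding it with `if !filewritable('/')`. Separately, `set dir&` is reached only if every command before it completes, and because this file is sourced from test_alot.vim a leftover `dir=/` would carry into the tests that follow. Wrapping the body in `try` / `finally` with `set dir&` in the `finally` part avoids that.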
--- a/src/version.c
+++ b/src/version.c
@@ -765,6 +765,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    337,
+/**/
     336,
 /**/
     335,