Re: [patch] fixed uninitialized memory access in i_CTRL-X_s (spell suggestion)

  • Bram Moolenaar
    Message 1 of 5, Aug 1, 2010
      Dominique Pelle wrote:

      > I still see other Valgrind errors with spell suggestion with
      > Vim-7.2.446 and Vim-7.3c (2448:943280505f72) when doing:
      >
      > $ valgrind --num-callers=50 --track-origins=yes 2> vg.log \
      > vim -u NONE -c 'set spell|call feedkeys("i,,\<C-X>s")'
      >
      > ==4200== Conditional jump or move depends on uninitialised value(s)
      > ==4200== at 0x8123C84: utf_head_off (mbyte.c:3290)
      > ==4200== by 0x8198E00: suggest_trie_walk (spell.c:11666)
      > ==4200== by 0x8197E64: suggest_try_change (spell.c:11229)
      > ==4200== by 0x8197100: spell_suggest_intern (spell.c:10777)
      > ==4200== by 0x8196D1E: spell_find_suggest (spell.c:10641)
      > ==4200== by 0x81966A3: spell_suggest_list (spell.c:10494)
      > ==4200== by 0x81A248D: expand_spelling (spell.c:16021)
      > ==4200== by 0x806AD4E: ins_compl_get_exp (edit.c:4163)
      > ==4200== by 0x806B793: ins_compl_next (edit.c:4506)
      > ==4200== by 0x806C9DB: ins_complete (edit.c:5139)
      > ==4200== by 0x80669B4: edit (edit.c:1366)
      > ==4200== by 0x8134208: invoke_edit (normal.c:9024)
      > ==4200== by 0x81341AE: nv_edit (normal.c:8997)
      > ==4200== by 0x8127B87: normal_cmd (normal.c:1190)
      > ==4200== by 0x80E8E97: main_loop (main.c:1260)
      > ==4200== by 0x80E88CC: main (main.c:965)
      > ==4200== Uninitialised value was created by a stack allocation
      > ==4200== at 0x8197D56: suggest_try_change (spell.c:11204)
      >
      > Attached new patch fixes it but don't think it's ideal
      > since giving spell suggestion when only typing punctuation
      > does not make much sense.

      Thanks. I'll include it as is.

      While trying to reproduce this I encountered a crash: Soundfolding
      breaks on a 0x300 character.

      Perhaps there are a few more bugs in this area...

      --
      Team-building exercises come in many forms but they all trace their roots back
      to the prison system. In your typical team-building exercise the employees
      are subjected to a variety of unpleasant situations until they become either a
      cohesive team or a ring of car jackers.
      (Scott Adams - The Dilbert principle)

      /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
      /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
      \\\ download, build and distribute -- http://www.A-A-P.org ///
      \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

      --
      You received this message from the "vim_dev" maillist.
      Do not top-post! Type your reply below the text you are replying to.
      For more information, visit http://www.vim.org/maillist.php
    • Tony Mechelynck
      Message 2 of 5, Aug 1, 2010
        On 01/08/10 16:06, Bram Moolenaar wrote:
        >
        > Dominique Pelle wrote:
        >
        >> I still see other Valgrind errors with spell suggestion with
        >> Vim-7.2.446 and Vim-7.3c (2448:943280505f72) when doing:
        >>
        >> $ valgrind --num-callers=50 --track-origins=yes 2> vg.log \
        >> vim -u NONE -c 'set spell|call feedkeys("i,,\<C-X>s")'
        >>
        >> ==4200== Conditional jump or move depends on uninitialised value(s)
        >> ==4200== at 0x8123C84: utf_head_off (mbyte.c:3290)
        >> ==4200== by 0x8198E00: suggest_trie_walk (spell.c:11666)
        >> ==4200== by 0x8197E64: suggest_try_change (spell.c:11229)
        >> ==4200== by 0x8197100: spell_suggest_intern (spell.c:10777)
        >> ==4200== by 0x8196D1E: spell_find_suggest (spell.c:10641)
        >> ==4200== by 0x81966A3: spell_suggest_list (spell.c:10494)
        >> ==4200== by 0x81A248D: expand_spelling (spell.c:16021)
        >> ==4200== by 0x806AD4E: ins_compl_get_exp (edit.c:4163)
        >> ==4200== by 0x806B793: ins_compl_next (edit.c:4506)
        >> ==4200== by 0x806C9DB: ins_complete (edit.c:5139)
        >> ==4200== by 0x80669B4: edit (edit.c:1366)
        >> ==4200== by 0x8134208: invoke_edit (normal.c:9024)
        >> ==4200== by 0x81341AE: nv_edit (normal.c:8997)
        >> ==4200== by 0x8127B87: normal_cmd (normal.c:1190)
        >> ==4200== by 0x80E8E97: main_loop (main.c:1260)
        >> ==4200== by 0x80E88CC: main (main.c:965)
        >> ==4200== Uninitialised value was created by a stack allocation
        >> ==4200== at 0x8197D56: suggest_try_change (spell.c:11204)
        >>
        >> Attached new patch fixes it but don't think it's ideal
        >> since giving spell suggestion when only typing punctuation
        >> does not make much sense.
        >
        > Thanks. I'll include it as is.
        >
        > While trying to reproduce this I encountered a crash: Soundfolding
        > breaks on a 0x300 character.
        >
        > Perhaps there are a few more bugs in this area...
        >

        U+0300 is a combining grave accent; its UTF-8 representation in hex is
        CC 80. Maybe Vim chokes on the 0x80 trailing byte? Any byte except the
        first in the UTF-8 representation of a Unicode codepoint may have that
        value without being in any way "special".

        As a reminder, UTF-8 strictly segregates the values bytes may have, as
        follows:

        00-7F single bytes
        80-BF trailing bytes (any but the first) in a multibyte sequence
        C0-DF first byte in a 2-byte sequence
        E0-EF first byte in a 3-byte sequence
        F0-F7 first byte in a 4-byte sequence
        F8-FB first byte in a 5-byte sequence
        FC-FD first byte in a 6-byte sequence
        FE-FF invalid

        In addition, the Unicode Consortium has decided that no codepoint will
        ever be accepted above U+10FFFD, not even for private use, and that
        "overlong sequences" are not to be tolerated; this makes byte values F5
        and above "invalid for interchange".


        Best regards,
        Tony.
        --
        Economics, n.:
        Economics is the study of the value and meaning of J. K.
        Galbraith ...
        -- Mike Harding, "The Armchair Anarchist's Almanac"

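Tony's byte-range table and the overlong/U+10FFFF rules, worked through as an added C example that is not part of this thread and not Vim's code: a per-byte classifier, a bounds-checked walk back to the lead byte (the same question Vim's utf_head_off() answers; the `base` parameter is my own assumption of how to keep such a walk inside the buffer), and a strict decoder that accepts the CC 80 encoding of U+0300 while rejecting the invalid forms the message lists.

```c
#include <stddef.h>

/* Byte classes, one per range in the table above. */
enum utf8_class { U8_SINGLE, U8_TRAIL, U8_LEAD2, U8_LEAD3, U8_LEAD4, U8_LEAD5, U8_LEAD6, U8_INVALID };

enum utf8_class utf8_classify(unsigned char b)
{
    if (b < 0x80) return U8_SINGLE;  /* 00-7F */
    if (b < 0xC0) return U8_TRAIL;   /* 80-BF */
    if (b < 0xE0) return U8_LEAD2;   /* C0-DF */
    if (b < 0xF0) return U8_LEAD3;   /* E0-EF */
    if (b < 0xF8) return U8_LEAD4;   /* F0-F7 */
    if (b < 0xFC) return U8_LEAD5;   /* F8-FB */
    if (b < 0xFE) return U8_LEAD6;   /* FC-FD */
    return U8_INVALID;               /* FE-FF */
}

/* Distance from p back to the lead byte of its sequence (what Vim's
 * utf_head_off() computes; independent re-implementation). The 'base' bound
 * stops the backward walk at the buffer start, so it never reads before it. */
size_t utf8_head_off(const unsigned char *base, const unsigned char *p)
{
    size_t off = 0;
    while (p > base && utf8_classify(*p) == U8_TRAIL) { --p; ++off; }
    return off;
}

/* Strict decode of one sequence from s[0..n): returns the code point and sets
 * *len, or returns -1 for a lone trailing byte, a 5/6-byte or FE/FF lead, a
 * truncated or overlong form, a surrogate, or a value above U+10FFFF. */
long utf8_decode(const unsigned char *s, size_t n, size_t *len)
{
    static const long minval[] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t i, need; long cp;
    if (n == 0) return -1;
    switch (utf8_classify(s[0])) {
    case U8_SINGLE: *len = 1; return s[0];
    case U8_LEAD2:  need = 2; cp = s[0] & 0x1F; break;
    case U8_LEAD3:  need = 3; cp = s[0] & 0x0F; break;
    case U8_LEAD4:  need = 4; cp = s[0] & 0x07; break;
    default:        return -1;
    }
    if (n < need) return -1;
    for (i = 1; i < need; i++) {
        if (utf8_classify(s[i]) != U8_TRAIL) return -1;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if (cp < minval[need] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
    *len = need; return cp;
}
```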