Loading ...
Sorry, an error occurred while loading the content.

[PATCH] Fix segfault in home_replace() when $HOME is unset

Expand Messages
  • Chris Webb
    home_replace() calls vim_strchr() on the result of mch_getenv( HOME ) without checking for a NULL value. If $HOME is unset, this causes a segfault reproducible
    Message 1 of 3 , Jul 6, 2012
    • 0 Attachment
      home_replace() calls vim_strchr() on the result of mch_getenv("HOME")
      without checking for a NULL value. If $HOME is unset, this causes a segfault
      reproducible with 'env -i src/vim /etc/passwd'. (Introduced in v7-3-559.)

      Fix by guarding vim_strstr(homedir_env, ...) with homedir_env != NULL.

      Signed-off-by: Chris Webb <chris@...>
      ---
      src/misc1.c | 2 +-
      1 file changed, 1 insertion(+), 1 deletion(-)

      diff --git a/src/misc1.c b/src/misc1.c
      index 99881dc..579c9da 100644
      --- a/src/misc1.c
      +++ b/src/misc1.c
      @@ -4497,7 +4497,7 @@ home_replace(buf, src, dst, dstlen, one)
      homedir_env_orig = homedir_env = mch_getenv((char_u *)"HOME");
      #endif
      #if defined(FEAT_MODIFY_FNAME) || defined(WIN3264)
      - if (vim_strchr(homedir_env, '~') != NULL)
      + if (homedir_env != NULL && vim_strchr(homedir_env, '~') != NULL)
      {
      int usedlen = 0;
      int flen;
      --
      1.7.10

      --
      You received this message from the "vim_dev" maillist.
      Do not top-post! Type your reply below the text you are replying to.
      For more information, visit http://www.vim.org/maillist.php
    • Bram Moolenaar
      ... Thanks, I ll include it right away. -- From know your smileys : % Bike accident. A bit far-fetched, I suppose; although... o _ _ _ _o
      Message 2 of 3 , Jul 6, 2012
      • 0 Attachment
        Chris Webb wrote:

        > home_replace() calls vim_strchr() on the result of mch_getenv("HOME")
        > without checking for a NULL value. If $HOME is unset, this causes a segfault
        > reproducible with 'env -i src/vim /etc/passwd'. (Introduced in v7-3-559.)
        >
        > Fix by guarding vim_strstr(homedir_env, ...) with homedir_env != NULL.

        Thanks, I'll include it right away.


        --
        From "know your smileys":
        % Bike accident. A bit far-fetched, I suppose; although...
        o _ _ _
        _o /\_ _ \\o (_)\__/o (_)
        _< \_ _>(_) (_)/<_ \_| \ _|/' \/
        (_)>(_) (_) (_) (_) (_)' _\o_

        /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
        /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
        \\\ an exciting new programming language -- http://www.Zimbu.org ///
        \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

        --
        You received this message from the "vim_dev" maillist.
        Do not top-post! Type your reply below the text you are replying to.
        For more information, visit http://www.vim.org/maillist.php
      • Chris Webb
        ... Thanks! Not a bug people are likely to hit other than once in a blue moon. I only saw it because I was using env -i a bit too enthusiastically in a chroot
        Message 3 of 3 , Jul 6, 2012
        • 0 Attachment
          Bram Moolenaar <Bram@...> writes:

          >
          > Chris Webb wrote:
          >
          > > home_replace() calls vim_strchr() on the result of mch_getenv("HOME")
          > > without checking for a NULL value. If $HOME is unset, this causes a segfault
          > > reproducible with 'env -i src/vim /etc/passwd'. (Introduced in v7-3-559.)
          > >
          > > Fix by guarding vim_strstr(homedir_env, ...) with homedir_env != NULL.
          >
          > Thanks, I'll include it right away.

          Thanks! Not a bug people are likely to hit other than once in a blue moon. I
          only saw it because I was using env -i a bit too enthusiastically in a
          chroot and was baffled by my editor segfaulting. :)

          Cheers,

          Chris.

          --
          You received this message from the "vim_dev" maillist.
          Do not top-post! Type your reply below the text you are replying to.
          For more information, visit http://www.vim.org/maillist.php
        Your message has been successfully submitted and would be delivered to recipients shortly.