NULL pointer dereference in utf_ptr2char #2468

@gy741

Hello.

I found a NULL pointer dereference in vim.

Please confirm.

Thanks.

Summary: NULL pointer dereference
OS: CentOS 7 64bit
Version: b254af3
PoC Download: null_utf_ptr2char.zip

Steps to reproduce:
1. Download the .POC files.
2. Compile the source code with ASan.
3. Execute the following command: ./vim -u NONE -Z -X -e -s -S $POC -c :qa!

=================================================================
==21611==ERROR: AddressSanitizer: SEGV on unknown address 0x60208000952f (pc 0x000000c6a02b bp 0x7ffc2b2a19b0 sp 0x7ffc2b2a16c0 T0)
    #0 0xc6a02a in utf_ptr2char /home/karas/vim/src/mbyte.c:1794:9
    #1 0xb7915c in gchar_pos /home/karas/vim/src/misc1.c:2657:9
    #2 0x10cace9 in findsent /home/karas/vim/src/search.c:2738:6
    #3 0xaa345a in getmark_buf_fnum /home/karas/vim/src/mark.c:394:6
    #4 0xaa2924 in getmark_buf /home/karas/vim/src/mark.c:324:12
    #5 0xfc5e19 in nfa_regmatch /home/karas/vim/src/./regexp_nfa.c:6655:16
    #6 0xfab49c in nfa_regtry /home/karas/vim/src/./regexp_nfa.c:7033:14
    #7 0xfa9597 in nfa_regexec_both /home/karas/vim/src/./regexp_nfa.c:7226:14
    #8 0xf5eda1 in nfa_regexec_multi /home/karas/vim/src/./regexp_nfa.c:7437:12
    #9 0xf1621c in vim_regexec_multi /home/karas/vim/src/regexp.c:8360:14
    #10 0x10ae40d in searchit /home/karas/vim/src/search.c:757:14
    #11 0x10b9e4b in do_search /home/karas/vim/src/search.c:1484:6
    #12 0x883d2e in get_address /home/karas/vim/src/ex_docmd.c:4535:12
    #13 0x8368ba in do_one_cmd /home/karas/vim/src/ex_docmd.c:2114:9
    #14 0x82727d in do_cmdline /home/karas/vim/src/ex_docmd.c:1071:17
    #15 0x813fb7 in do_source /home/karas/vim/src/ex_cmds2.c:4411:5
    #16 0x810477 in cmd_source /home/karas/vim/src/ex_cmds2.c:4024:14
    #17 0x810596 in ex_source /home/karas/vim/src/ex_cmds2.c:3999:2
    #18 0x847da1 in do_one_cmd /home/karas/vim/src/ex_docmd.c:2908:2
    #19 0x82727d in do_cmdline /home/karas/vim/src/ex_docmd.c:1071:17
    #20 0x82c835 in do_cmdline_cmd /home/karas/vim/src/ex_docmd.c:671:12
    #21 0x1658084 in exe_commands /home/karas/vim/src/main.c:2953:2
    #22 0x1651bc6 in vim_main2 /home/karas/vim/src/main.c:800:2
    #23 0x1642d2d in main /home/karas/vim/src/main.c:429:12
    #24 0x7f37a01a882f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
    #25 0x41aaa8 in _start (/home/karas/vim/src/vim+0x41aaa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/karas/vim/src/mbyte.c:1794:9 in utf_ptr2char
==21611==ABORTING

==========
[Acknowledgement]
This work was supported by ICT R&D program of MSIP/IITP. [R7518-16-1001, Innovation hub for high Performance Computing]
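Triaging a report like the one above usually starts by parsing the ASan output into the crash kind, the faulting address and the top in-tree frames, so that many PoCs hitting the same root cause can be bucketed together. The following Python parser is an added example, not code from this issue or from Vim; it runs over a constructed, abbreviated copy of the trace above, and the source root `/home/karas/vim/src/` it filters on is taken from that trace.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: an abbreviated copy of the ASan report quoted in the issue above.
SAMPLE_REPORT = """\
==21611==ERROR: AddressSanitizer: SEGV on unknown address 0x60208000952f (pc 0x000000c6a02b bp 0x7ffc2b2a19b0 sp 0x7ffc2b2a16c0 T0)
    #0 0xc6a02a in utf_ptr2char /home/karas/vim/src/mbyte.c:1794:9
    #1 0xb7915c in gchar_pos /home/karas/vim/src/misc1.c:2657:9
    #2 0x10cace9 in findsent /home/karas/vim/src/search.c:2738:6
    #24 0x7f37a01a882f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
SUMMARY: AddressSanitizer: SEGV /home/karas/vim/src/mbyte.c:1794:9 in utf_ptr2char
==21611==ABORTING
"""
HEADER_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: (\S+)(?: on (?:unknown )?address (0x[0-9a-f]+))?")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")
SUMMARY_RE = re.compile(r"^SUMMARY: AddressSanitizer: \S+ (\S+) in (\S+)")

@dataclass
class Frame:
    function: str
    location: str  # file:line:col when symbolized, otherwise (module+offset)

@dataclass
class AsanReport:
    kind: str                # e.g. SEGV, heap-buffer-overflow
    address: Optional[int]   # faulting address from the ERROR line, if present
    frames: List[Frame] = field(default_factory=list)
    summary: Optional[Frame] = None

    def bucket_key(self, src_root: str, depth: int = 3) -> str:
        # Deduplication key: sanitizer kind plus the top in-tree functions (libc/runtime frames skipped).
        in_tree = [f.function for f in self.frames if f.location.startswith(src_root)]
        return "|".join([self.kind] + in_tree[:depth])

    def summary_matches_top_frame(self) -> bool:
        # Consistency check: SUMMARY should name the same function and location as frame #0.
        return bool(self.frames and self.summary and self.frames[0] == self.summary)

def parse_asan_report(text: str) -> AsanReport:
    report = None
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            addr = int(m.group(2), 16) if m.group(2) else None
            report = AsanReport(kind=m.group(1), address=addr)
        elif report and (m := FRAME_RE.match(line)):
            report.frames.append(Frame(m.group(1), m.group(2)))
        elif report and (m := SUMMARY_RE.match(line)):
            report.summary = Frame(m.group(2), m.group(1))
    if report is None:
        raise ValueError("no AddressSanitizer ERROR header found")
    return report
```

For this trace the bucket key is `SEGV|utf_ptr2char|gchar_pos|findsent`, which is what a fuzzing pipeline would use to group further crashes reaching the same call path.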
