To: vim_dev@googlegroups.com Subject: Patch 9.0.1492 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.1492 Problem: Using uninitialized memory when argument is missing. Solution: Check there are sufficient arguments before the base. (closes #12302) Files: src/evalfunc.c, src/vim9instr.c, src/testdir/test_expr.vim, src/testdir/test_listener.vim *** ../vim-9.0.1491/src/evalfunc.c 2023-04-24 21:09:28.125166628 +0100 --- src/evalfunc.c 2023-04-27 16:00:27.263607935 +0100 *************** *** 3134,3139 **** --- 3134,3142 ---- if (global_functions[fi].f_argtype == FEARG_2) { + if (argcount < 1) + return FCERR_TOOFEW; + // base value goes second argv[0] = argvars[0]; argv[1] = *basetv; *************** *** 3142,3147 **** --- 3145,3153 ---- } else if (global_functions[fi].f_argtype == FEARG_3) { + if (argcount < 2) + return FCERR_TOOFEW; + // base value goes third argv[0] = argvars[0]; argv[1] = argvars[1]; *************** *** 3151,3156 **** --- 3157,3165 ---- } else if (global_functions[fi].f_argtype == FEARG_4) { + if (argcount < 3) + return FCERR_TOOFEW; + // base value goes fourth argv[0] = argvars[0]; argv[1] = argvars[1]; *** ../vim-9.0.1491/src/vim9instr.c 2023-04-01 22:05:35.155519002 +0100 --- src/vim9instr.c 2023-04-27 16:19:33.348334023 +0100 *************** *** 1626,1633 **** if (method_call && argoff > 1) { ! isn_T *isn = generate_instr(cctx, ISN_SHUFFLE); if (isn == NULL) return FAIL; isn->isn_arg.shuffle.shfl_item = argcount; --- 1626,1639 ---- if (method_call && argoff > 1) { ! if (argcount < argoff) ! { ! semsg(_(e_not_enough_arguments_for_function_str), ! internal_func_name(func_idx)); ! return FAIL; ! 
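Review bot: The three new guards in src/evalfunc.c use the bare literals 1, 2 and 3 with nothing tying them to the reads that follow, so a later edit to one branch can drift from its guard without notice. Each literal must equal the number of `argvars[]` entries copied before `*basetv` is placed: `argvars[0]` in the FEARG_2 branch, `argvars[0]` and `argvars[1]` in the FEARG_3 branch, and one more in the FEARG_4 branch. I would put a comment on each guard, for example `// argvars[0] is copied below; it is not initialized when no argument follows the base`, adjusted per branch. The enclosing function starts and ends outside these hunks, so whether an earlier minimum-argument check was meant to cover this case cannot be judged from here.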
} + isn_T *isn = generate_instr(cctx, ISN_SHUFFLE); if (isn == NULL) return FAIL; isn->isn_arg.shuffle.shfl_item = argcount; *** ../vim-9.0.1491/src/testdir/test_expr.vim 2022-11-02 13:30:37.542314565 +0000 --- src/testdir/test_expr.vim 2023-04-27 16:15:25.576179976 +0100 *************** *** 458,463 **** --- 458,466 ---- call v9.CheckLegacyAndVim9Success(lines) call v9.CheckLegacyAndVim9Failure(["call printf('123', 3)"], "E767:") + + " this was using uninitialized memory + call v9.CheckLegacyAndVim9Failure(["eval ''->printf()"], "E119:") endfunc func Test_printf_float() *** ../vim-9.0.1491/src/testdir/test_listener.vim 2022-09-02 17:12:03.668881359 +0100 --- src/testdir/test_listener.vim 2023-04-27 16:22:05.068428034 +0100 *************** *** 212,217 **** --- 212,219 ---- call assert_fails('call listener_add([])', 'E921:') call assert_fails('call listener_add("s:StoreListArgs", [])', 'E730:') call assert_fails('call listener_flush([])', 'E730:') + + call assert_fails('eval ""->listener_add()', 'E119:') endfunc func s:StoreBufList(buf, start, end, added, list) *** ../vim-9.0.1491/src/version.c 2023-04-26 19:01:39.883978985 +0100 --- src/version.c 2023-04-27 16:01:37.575654155 +0100 *************** *** 697,698 **** --- 697,700 ---- { /* Add new patch number below this line */ + /**/ + 1492, /**/ -- Friends? I have lots of friends! In fact, I have all episodes ever made. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
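Review bot: The new `if (argcount < argoff)` check in src/vim9instr.c is not documented as the compile-time counterpart of the runtime guards added in src/evalfunc.c, and the two are written in different terms (`argoff` here, the literals 1/2/3 there). It is not visible in this hunk whether `argcount` counts the base value in this function, which is exactly what makes the two conditions equivalent or not. A short comment would make the invariant reviewable, for example `// method call with the base not in first position: fewer than "argoff" arguments means an argument before the base is missing`, stating explicitly whether the base is counted. The enclosing function starts and ends outside the hunk.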
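Review bot: The new regression tests in src/testdir/test_expr.vim and src/testdir/test_listener.vim exercise only `printf()` and `listener_add()`, while the source change adds three separate guards (FEARG_2, FEARG_3, FEARG_4). From this page it cannot be confirmed that the third- and fourth-position branches are reached by either test, so an uninitialized read there could regress silently. I would add one failing method call per base position, each expecting `E119:`. The `listener_add()` case also uses plain `assert_fails()`, whereas the `printf()` case uses `v9.CheckLegacyAndVim9Failure()`; running the added cases through the latter would presumably check both the interpreted and the compiled path.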