Submit #497546: VIM vim 68d08588928b29fe0b19e3513cd689486260ab1c illegal read access

Title: VIM vim 68d08588928b29fe0b19e3513cd689486260ab1c illegal read access
Description:

Vim crashes when the path specified by the --log option is inaccessible.

**Steps to reproduce**

1. Compile vim (commit id: 68d0858) with "-g" option.
2. Run cmd vim --log /path/to/file

**Expected behaviour**

vim exited with a 'failed to open log file' error.

**Version of Vim**

68d0858

**Environment**

vim detail version

    VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Feb 10 2025 14:21:36)
    Included patches: 1-1094
    Compiled by swj@amax
    Huge version without GUI.  Features included (+) or not (-):
    +acl +clientserver +diff +folding +langmap +mouse_dec +num64 +reltime +syntax +title +wildmenu
    +arabic +clipboard +digraphs -footer +libcall -mouse_gpm +packages +rightleft +tag_binary -toolbar +windows
    +autocmd +cmdline_compl -dnd +fork() +linebreak -mouse_jsbterm +path_extra -ruby -tag_old_static +user_commands +writebackup
    +autochdir +cmdline_hist -ebcdic +gettext +lispindent +mouse_netterm -perl +scrollbind -tag_any_white +vartabs +X11
    -autoservername +cmdline_info +emacs_tags -hangul_input +listcmds +mouse_sgr +persistent_undo +signs -tcl +vertsplit +xattr
    -balloon_eval +comments +eval +iconv +localmap -mouse_sysmouse +popupwin +smartindent +termguicolors +vim9script +xfontset
    +balloon_eval_term +conceal +ex_extra +insert_expand -lua +mouse_urxvt +postscript -sodium +terminal +viminfo -xim
    -browse +cryptv +extra_search +ipv6 +menu +mouse_xterm +printer -sound +terminfo +virtualedit -xpm
    ++builtin_terms +cscope -farsi +job +mksession +multi_byte +profile +spell +termresponse +visual +xsmp_interact
    +byte_offset +cursorbind +file_in_path +jumplist +modify_fname +multi_lang -python +startuptime +textobjects +visualextra +xterm_clipboard
    +channel +cursorshape +find_in_path +keymap +mouse -mzscheme -python3 +statusline +textprop +vreplace -xterm_save
    +cindent +dialog_con +float +lambda -mouseshape +netbeans_intg +quickfix -sun_workshop +timers +wildignore
       system vimrc file: "$VIM/vimrc"
         user vimrc file: "$HOME/.vimrc"
     2nd user vimrc file: "/.vim/vimrc"
     3rd user vimrc file: "/.config/vim/vimrc"
          user exrc file: "$HOME/.exrc"
           defaults file: "$VIMRUNTIME/defaults.vim"
      fall-back for $VIM: "/data/swj/optfuzz/benchmark/vim/bins/share/vim"
    Compilation: gcc -c -I. -Iproto -DHAVE_CONFIG_H -fsanitize=address -g -D_REENTRANT -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1
    Linking: gcc -fsanitize=address -g -L/usr/local/lib -Wl,--as-needed -o vim -lSM -lICE -lXt -lX11 -lXdmcp -lSM -lICE -lm -ltinfo -lselinux -ldl

**os version**

    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 20.04.6 LTS
    Release:        20.04
    Codename:       focal

**Logs and stack traces**

    (base) swj@amax /data/swj/optfuzz/benchmark/vim (master?) $ gdb /data/swj/optfuzz/benchmark/vim/bins/bin/vim
    GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.2) 9.2
    Copyright (C) 2020 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    Type "show copying" and "show warranty" for details.
    This GDB was configured as "x86_64-linux-gnu".
    Type "show configuration" for configuration details.
    For bug reporting instructions, please see:
    <http://www.gnu.org/software/gdb/bugs/>.
    Find the GDB manual and other documentation resources online at:
        <http://www.gnu.org/software/gdb/documentation/>.

    For help, type "help".
    Type "apropos word" to search for commands related to "word"...
    Reading symbols from /data/swj/optfuzz/benchmark/vim/bins/bin/vim...
    (gdb) r --log /path/to/log
    Starting program: /data/swj/optfuzz/benchmark/vim/bins/bin/vim --log /path/to/log
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

    Program received signal SIGSEGV, Segmentation fault.
    0x0000555555ef745c in get_emsg_lnum () at message.c:521
    521         if (SOURCING_NAME != NULL
    (gdb) bt
    #0  0x0000555555ef745c in get_emsg_lnum () at message.c:521
    #1  0x0000555555ef77be in msg_source (attr=0) at message.c:558
    #2  0x0000555555ef8936 in emsg_core (s=0x555556143680 <e_cant_open_file_str> "E484: Can't open file %s") at message.c:784
    #3  0x0000555555ef8b73 in semsg (s=0x555556143680 <e_cant_open_file_str> "E484: Can't open file %s") at message.c:829
    #4  0x00005555559900aa in ch_logfile (fname=0x7fffffffe4ba "/path/to/log", opt=0x555555fe2880 "ao") at logfile.c:51
    #5  0x0000555555ee6687 in main (argc=3, argv=0x7fffffffe178) at main.c:161

Source: https://github.com/vim/vim/issues/16606
User: wenjusun (UID 80422)
Submission: 10/02/2025 14:57 (1 year ago)
Moderation: 10/02/2025 23:56 (9 hours later)
Status: Accepted
VulDB entry: 295174 [vim up to 9.1.1096 src/main.c --log buffer overflow]
Points: 20
