Fix null dereferences on unset format strings

Prior to this commit, argv_format() reported success but left its output string as null in some cases. For example, this happened when the format string was "%(cmdlineargs)" and the corresponding option ("opt_cmdline_args") was null. Some callers checked if the output string was null, but others didn't. As a result, the following two commands would crash Tig :!%(cmdlineargs) :echo %(cmdlineargs) Fix the root of the problem by making argv_format() fail whenever its output string is null. This works better for most callers. Now instead of crashing, ":echo %(cmdlineargs)" fails, which is debatable. In future this could be improved to print an empty string, however, we should take care to still report errors on ":echo %(invalid)".
jonas · Sep 13, 2021 · 0b3fa68 · 0b3fa68
1 parent 529182c
commit 0b3fa68
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/src/argv.c b/src/argv.c
@@ -472,7 +472,7 @@ argv_format(struct argv_env *argv_env, const char ***dst_argv, const char *src_a
 		}
 	}
 
-	return src_argv[argc] == NULL;
+	return src_argv[argc] == NULL && *dst_argv;
 }
 
 static inline bool

diff --git a/src/prompt.c b/src/prompt.c
@@ -1102,8 +1102,7 @@ exec_run_request(struct view *view, struct run_request *req)
 
 	if (!argv_to_string(req->argv, cmd, sizeof(cmd), " ")
 	    || !argv_from_string_no_quotes(req_argv, &req_argc, cmd)
-	    || !argv_format(view->env, &argv, req_argv, false, true)
-	    || !argv) {
+	    || !argv_format(view->env, &argv, req_argv, false, true)) {
 		report("Failed to format arguments");
 		return REQ_NONE;
 	}
-Original file line number
+Diff line change
@@ Expand Up @@
     		}
     	}
-    	return src_argv[argc] == NULL;
+    	return src_argv[argc] == NULL && *dst_argv;
     }
     static inline bool
@@ Expand Down @@