From 0b3fa6869fcf418d3052c397f05b28a2bd9d0712 Mon Sep 17 00:00:00 2001
From: Johannes Altmanninger
Date: Sat, 24 Jul 2021 11:21:19 +0200
Subject: [PATCH] Fix null dereferences on unset format strings Prior to this commit, argv_format() reported success but left its output string as null in some cases. For example, this happened when the format string was "%(cmdlineargs)" and the corresponding option ("opt_cmdline_args") was null. Some callers checked if the output string was null, but others didn't. As a result, the following two commands would crash Tig :!%(cmdlineargs) :echo %(cmdlineargs) Fix the root of the problem by making argv_format() fail whenever its output string is null. This works better for most callers. Now instead of crashing, ":echo %(cmdlineargs)" fails, which is debatable. In future this could be improved to print an empty string, however, we should take care to still report errors on ":echo %(invalid)".
---
 src/argv.c | 2 +-
 src/prompt.c | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/argv.c b/src/argv.c
index de0bcf43e..27e6d3141 100644
--- a/src/argv.c
+++ b/src/argv.c
@@ -472,7 +472,7 @@ argv_format(struct argv_env *argv_env, const char ***dst_argv, const char *src_a
 }
 }
- return src_argv[argc] == NULL;
+ return src_argv[argc] == NULL && *dst_argv;
 }
 static inline bool
diff --git a/src/prompt.c b/src/prompt.c
index bc037a953..d7dd74e25 100644
--- a/src/prompt.c
+++ b/src/prompt.c
@@ -1102,8 +1102,7 @@ exec_run_request(struct view *view, struct run_request *req)
 if (!argv_to_string(req->argv, cmd, sizeof(cmd), " ")
 || !argv_from_string_no_quotes(req_argv, &req_argc, cmd)
- || !argv_format(view->env, &argv, req_argv, false, true)
- || !argv) {
+ || !argv_format(view->env, &argv, req_argv, false, true)) {
 report("Failed to format arguments");
 return REQ_NONE;
 }
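Review bot: The new return expression in argv_format() mixes an explicit `== NULL` test with an implicit pointer-to-bool conversion, and nothing at the return says that a null output is now a failure by design. Writing it as `return src_argv[argc] == NULL && *dst_argv != NULL;` with a comment such as `/* Fail when nothing was produced so callers can dereference *dst_argv without a null check. */` would make the contract that the call sites now rely on explicit. The function body begins outside this hunk, so whether `*dst_argv` is reset to NULL on entry cannot be checked here; if it is not, a stale non-null pointer supplied by a caller would still satisfy the test.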
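Review bot: Dropping `|| !argv` in exec_run_request() makes the code after this `if` depend on a guarantee that lives in src/argv.c, with nothing at the call site recording it. A short comment above the condition, e.g. `/* argv_format() returns false when it leaves argv NULL. */`, would keep a later change to argv_format()'s return value from silently reintroducing the null dereference. The diffstat lists only the two source files, so the two crashing commands named in the commit message are presumably not pinned by a regression test; adding one would be worthwhile. The function continues outside the hunk, so how `argv` is used and released afterwards is not visible here.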