[vim/vim] Null Pointer dereference in cs_find_common (Issue #18225)


ashamedbit

Sep 6, 2025, 9:54:30 PM (7 days ago) Sep 6
to vim/vim, Subscribed
ashamedbit created an issue (vim/vim#18225)

Steps to reproduce

In the function cs_find_common,
https://github.com/vim/vim/blob/510ca80c58088276d8b1744a729f69d34c550566/src/if_cscope.c#L1231-L1235

char_u *tmp = vim_tempname('c', TRUE);

First the temporary file is created. Subsequently the temporary file is directly opened without checking if the temp file was successfully created:

f = mch_fopen((char *)tmp, "w");

A NULL check for tmp will suffice to prevent a NULL pointer dereference, similar to how it's used in other files:
https://github.com/vim/vim/blob/510ca80c58088276d8b1744a729f69d34c550566/src/diff.c#L955-L961

Expected behaviour

A NULL check for tmp before the temp file is opened

Version of Vim

master

Environment

Ubuntu

Logs and stack traces


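The guard requested in the issue above, as an added example that is not Vim's code and not the contents of the fixing commit: `tempname_or_null()` is a hypothetical stand-in for `vim_tempname()`, `fopen()` stands in for `mch_fopen()`, and the file name and `simulate_failure` switch are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OK   1
#define FAIL 0

/* Hypothetical stand-in for vim_tempname(): returns an allocated file name,
 * or NULL when no name can be produced (forced here by simulate_failure). */
static char *tempname_or_null(int simulate_failure)
{
    static const char name[] = "cs_find_example.tmp";  /* constructed name */
    char *copy;
    if (simulate_failure)
        return NULL;
    copy = malloc(sizeof(name));
    if (copy != NULL)
        memcpy(copy, name, sizeof(name));
    return copy;
}

/* Write text to a temporary file, checking each call that can fail. */
static int write_results(const char *text, int simulate_failure)
{
    char *tmp = tempname_or_null(simulate_failure);
    FILE *f;
    int ok;
    if (tmp == NULL)            /* the check the issue asks for */
        return FAIL;
    f = fopen(tmp, "w");        /* fopen() stands in for mch_fopen() */
    if (f == NULL)
    {
        free(tmp);
        return FAIL;
    }
    ok = fputs(text, f) >= 0;
    if (fclose(f) != 0)
        ok = 0;
    remove(tmp);
    free(tmp);
    return ok ? OK : FAIL;
}

int main(void)
{
    printf("name available:   %s\n", write_results("match\n", 0) ? "OK" : "FAIL");
    printf("name unavailable: %s\n", write_results("match\n", 1) ? "OK" : "FAIL");
    return 0;
}
```

Without the `tmp == NULL` branch, the failure case would pass NULL as the path argument to `fopen()`, which is undefined behaviour in C.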

Christian Brabandt

Sep 8, 2025, 3:39:07 AM (5 days ago) Sep 8
to vim/vim, Subscribed
chrisbra left a comment (vim/vim#18225)

Please create a PR. Thanks



Christian Brabandt

Sep 9, 2025, 3:26:53 PM (4 days ago) Sep 9
to vim/vim, Subscribed

Closed #18225 as completed via 12b9431.

