Patch 8.2.1560
Problem: Using NULL pointers in some code. (James McCoy)
Solution: Avoid adding to a NULL pointer. Use byte as unsigned.
Files: src/fold.c, src/eval.c, src/spellsuggest.c, src/spellfile.c,
src/vim9compile.c
*** ../vim-8.2.1559/src/fold.c 2020-08-31 21:22:34.044175561 +0200
--- src/fold.c 2020-09-01 19:27:10.650832221 +0200
***************
*** 1314,1320 ****
if (!foldFind(gap, lnum, &fp))
{
// If there is a following fold, continue there next time.
! if (fp < (fold_T *)gap->ga_data + gap->ga_len)
next = fp->fd_top + off;
break;
}
--- 1314,1320 ----
if (!foldFind(gap, lnum, &fp))
{
// If there is a following fold, continue there next time.
! if (fp != NULL && fp < (fold_T *)gap->ga_data + gap->ga_len)
next = fp->fd_top + off;
break;
}
***************
*** 2905,2922 ****
// any between top and bot, they have been removed by the caller.
gap1 = &fp->fd_nested;
gap2 = &fp[1].fd_nested;
! (void)(foldFind(gap1, bot + 1 - fp->fd_top, &fp2));
! len = (int)((fold_T *)gap1->ga_data + gap1->ga_len - fp2);
! if (len > 0 && ga_grow(gap2, len) == OK)
! {
! for (idx = 0; idx < len; ++idx)
! {
! ((fold_T *)gap2->ga_data)[idx] = fp2[idx];
! ((fold_T *)gap2->ga_data)[idx].fd_top
! -= fp[1].fd_top - fp->fd_top;
}
- gap2->ga_len = len;
- gap1->ga_len -= len;
}
fp->fd_len = top - fp->fd_top;
fold_changed = TRUE;
--- 2905,2924 ----
// any between top and bot, they have been removed by the caller.
gap1 = &fp->fd_nested;
gap2 = &fp[1].fd_nested;
! if (foldFind(gap1, bot + 1 - fp->fd_top, &fp2))
! {
! len = (int)((fold_T *)gap1->ga_data + gap1->ga_len - fp2);
! if (len > 0 && ga_grow(gap2, len) == OK)
! {
! for (idx = 0; idx < len; ++idx)
! {
! ((fold_T *)gap2->ga_data)[idx] = fp2[idx];
! ((fold_T *)gap2->ga_data)[idx].fd_top
! -= fp[1].fd_top - fp->fd_top;
! }
! gap2->ga_len = len;
! gap1->ga_len -= len;
}
}
fp->fd_len = top - fp->fd_top;
fold_changed = TRUE;
*** ../vim-8.2.1559/src/eval.c 2020-08-30 23:24:17.223401357 +0200
--- src/eval.c 2020-09-01 19:29:29.570332869 +0200
***************
*** 395,401 ****
typval_T rettv;
int res;
int vim9script = in_vim9script();
! garray_T *gap = &evalarg->eval_ga;
int save_flags = evalarg == NULL ? 0 : evalarg->eval_flags;
int evaluate = evalarg == NULL
? FALSE : (evalarg->eval_flags & EVAL_EVALUATE);
--- 395,401 ----
typval_T rettv;
int res;
int vim9script = in_vim9script();
! garray_T *gap = evalarg == NULL ? NULL : &evalarg->eval_ga;
int save_flags = evalarg == NULL ? 0 : evalarg->eval_flags;
int evaluate = evalarg == NULL
? FALSE : (evalarg->eval_flags & EVAL_EVALUATE);
*** ../vim-8.2.1559/src/spellsuggest.c 2020-07-01 13:15:21.414343245 +0200
--- src/spellsuggest.c 2020-09-01 19:31:06.789983816 +0200
***************
*** 3606,3611 ****
--- 3606,3613 ----
int len;
hlf_T attr;
+ if (gap->ga_len == 0)
+ return;
stp = &SUG(*gap, 0);
for (i = gap->ga_len - 1; i >= 0; --i)
{
*** ../vim-8.2.1559/src/spellfile.c 2020-08-24 20:05:46.837560546 +0200
--- src/spellfile.c 2020-09-01 19:33:14.685524984 +0200
***************
*** 816,822 ****
// read the length bytes, MSB first
for (i = 0; i < cnt_bytes; ++i)
! cnt = (cnt << 8) + getc(fd);
if (cnt < 0)
{
*cntp = SP_TRUNCERROR;
--- 816,822 ----
// read the length bytes, MSB first
for (i = 0; i < cnt_bytes; ++i)
! cnt = (cnt << 8) + (unsigned)getc(fd);
if (cnt < 0)
{
*cntp = SP_TRUNCERROR;
*** ../vim-8.2.1559/src/vim9compile.c 2020-08-30 23:24:17.219401371 +0200
--- src/vim9compile.c 2020-09-01 19:37:05.852696726 +0200
***************
*** 1147,1153 ****
isn->isn_arg.number = count;
// get the member type from all the items on the stack.
! member = get_member_type_from_stack(
((type_T **)stack->ga_data) + stack->ga_len, count, 1,
cctx->ctx_type_list);
type = get_list_type(member, cctx->ctx_type_list);
--- 1147,1156 ----
isn->isn_arg.number = count;
// get the member type from all the items on the stack.
! if (count == 0)
! member = &t_void;
! else
! member = get_member_type_from_stack(
((type_T **)stack->ga_data) + stack->ga_len, count, 1,
cctx->ctx_type_list);
type = get_list_type(member, cctx->ctx_type_list);
***************
*** 1180,1186 ****
return FAIL;
isn->isn_arg.number = count;
! member = get_member_type_from_stack(
((type_T **)stack->ga_data) + stack->ga_len, count, 2,
cctx->ctx_type_list);
type = get_dict_type(member, cctx->ctx_type_list);
--- 1183,1192 ----
return FAIL;
isn->isn_arg.number = count;
! if (count == 0)
! member = &t_void;
! else
! member = get_member_type_from_stack(
((type_T **)stack->ga_data) + stack->ga_len, count, 2,
cctx->ctx_type_list);
type = get_dict_type(member, cctx->ctx_type_list);
*** ../vim-8.2.1559/src/version.c 2020-09-01 17:50:48.316192921 +0200
--- src/version.c 2020-09-01 19:22:56.155749967 +0200
***************
*** 756,757 ****
--- 756,759 ----
{ /* Add new patch number below this line */
+ /**/
+ 1560,
/**/
--
LAUNCELOT leaps into SHOT with a mighty cry and runs the GUARD through and
hacks him to the floor. Blood. Swashbuckling music (perhaps).
LAUNCELOT races through into the castle screaming.
SECOND SENTRY: Hey!
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/vim_dev/202009011756.081HujPD3374454%40masaka.moolenaar.net.
