Patch 9.0.1144
Problem: Reading beyond text.
Solution: Add strlen_maxlen() and use it.
Files: src/strings.c, src/proto/strings.pro, src/message.c,
src/testdir/test_cmdline.vim
*** ../vim-9.0.1143/src/strings.c 2022-09-28 16:16:10.256335629 +0100
--- src/strings.c 2023-01-04 15:50:40.712617828 +0000
***************
*** 525,530 ****
--- 525,543 ----
mch_memmove(to + tolen, from, fromlen + 1);
}
+ /*
+ * A version of strlen() that has a maximum length.
+ */
+ size_t
+ vim_strlen_maxlen(char *s, size_t maxlen)
+ {
+ size_t i;
+ for (i = 0; i < maxlen; ++i)
+ if (s[i] == NUL)
+ break;
+ return i;
+ }
+
#if (!defined(HAVE_STRCASECMP) && !defined(HAVE_STRICMP)) || defined(PROTO)
/*
* Compare two strings, ignoring case, using current locale.
***************
*** 582,588 ****
* 128 to 255 correctly. It also doesn't return a pointer to the NUL at the
* end of the string.
*/
! char_u *
vim_strchr(char_u *string, int c)
{
char_u *p;
--- 595,601 ----
* 128 to 255 correctly. It also doesn't return a pointer to the NUL at the
* end of the string.
*/
! char_u *
vim_strchr(char_u *string, int c)
{
char_u *p;
*** ../vim-9.0.1143/src/proto/strings.pro 2022-09-22 17:06:56.295037465
+0100
--- src/proto/strings.pro 2023-01-04 15:48:47.464642284 +0000
***************
*** 12,17 ****
--- 12,18 ----
void del_trailing_spaces(char_u *ptr);
void vim_strncpy(char_u *to, char_u *from, size_t len);
void vim_strcat(char_u *to, char_u *from, size_t tosize);
+ size_t vim_strlen_maxlen(char *s, size_t maxlen);
int vim_stricmp(char *s1, char *s2);
int vim_strnicmp(char *s1, char *s2, size_t len);
char_u *vim_strchr(char_u *string, int c);
*** ../vim-9.0.1143/src/message.c 2022-11-30 20:20:52.751228273 +0000
--- src/message.c 2023-01-04 15:50:25.132621050 +0000
***************
*** 3055,3061 ****
{
char_u *tofree = NULL;
! if (maxlen > 0 && STRLEN(p) > (size_t)maxlen)
{
tofree = vim_strnsave(p, (size_t)maxlen);
p = tofree;
--- 3055,3062 ----
{
char_u *tofree = NULL;
! if (maxlen > 0 && vim_strlen_maxlen((char *)p, (size_t)maxlen)
! >= (size_t)maxlen)
{
tofree = vim_strnsave(p, (size_t)maxlen);
p = tofree;
*** ../vim-9.0.1143/src/testdir/test_cmdline.vim 2022-12-08
15:44:19.456975360 +0000
--- src/testdir/test_cmdline.vim 2023-01-04 15:44:18.328711699 +0000
***************
*** 654,659 ****
--- 654,670 ----
call assert_fails('call getcompletion("abc", [])', 'E1174:')
endfunc
+ func Test_multibyte_expression()
+ " This was using uninitialized memory.
+ let lines =<< trim END
+ set verbose=6
+ norm @=ٷ
+ qall!
+ END
+ call writefile(lines, 'XmultiScript', 'D')
+ call RunVim('', '', '-u NONE -n -e -s -S XmultiScript')
+ endfunc
+
" Test for getcompletion() with "fuzzy" in 'wildoptions'
func Test_getcompletion_wildoptions()
let save_wildoptions = &wildoptions
*** ../vim-9.0.1143/src/version.c 2023-01-04 14:31:46.102074865 +0000
--- src/version.c 2023-01-04 15:56:05.764557561 +0000
***************
*** 697,698 ****
--- 697,700 ----
{ /* Add new patch number below this line */
+ /**/
+ 1144,
/**/
--
The problem with political jokes is that they get elected.
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/vim_dev/20230104155732.311E61C0865%40moolenaar.net.
