Loading ...
Sorry, an error occurred while loading the content.

2088SEGV in msg_may_trunc()

Expand Messages
  • Pawel S. Veselov
    Dec 21 8:39 AM
      Hi,

      VIM (6.3.85p0) on openBSD 3.8, built from /usr/ports.

      in message.c there is a probable SEGV in msg_may_trunc() function.
      If multibyte string is passed in, and the size of the string in characters
      is less than room, but size in bytes is more than room, the (s-1) address
      is then written to, as (n) becomes -1.

      The attached patch should help. Should work on 6.4 as well.

      What I still don't understand is how it is OK to replace some position
      in asciiz string with '>'. Does anything guarantee that the position the
      '>' is written to is not a part of a multibyte character ?

      Thanks,
      Pawel.


      Bye.
      --
      Pawel S. Veselov [vps], Sun Microsystems, Inc.
      Staff Engineer, Java Mobile Systems and Services Engineering __ __(O) _ __
      (408) 276-5410 e-mail: Pawel.Veselov@... \ V /| || ' \
      fax(408) 276-6090 HomePage: http://manticore.2y.net \_/ |_||_|_|_|
    • Show all 5 messages in this topic