Loading ...
Sorry, an error occurred while loading the content.

Patch 7.2a.010

Expand Messages
  • Bram Moolenaar
    Patch 7.2a.010 Problem: When a file name has an illegal byte sequence Vim may read uninitialised memory. Solution: Don t use UTF_COMPOSINGLIKE() on an
    Message 1 of 1 , Jun 29, 2008
    • 0 Attachment
      Patch 7.2a.010
      Problem: When a file name has an illegal byte sequence Vim may read
      uninitialised memory.
      Solution: Don't use UTF_COMPOSINGLIKE() on an illegal byte. In
      msg_outtrans_len_attr() use char2cells() instead of ptr2cells().
      In utf_ptr2char() don't check second byte when first byte is
      illega. (Dominique Pelle)
      Files: src/mbyte.c, src/message.c


      *** ../vim-7.2a.009/src/mbyte.c Tue Jun 24 23:15:45 2008
      --- src/mbyte.c Sun Jun 29 16:00:54 2008
      ***************
      *** 1387,1393 ****
      return p[0];

      len = utf8len_tab[p[0]];
      ! if ((p[1] & 0xc0) == 0x80)
      {
      if (len == 2)
      return ((p[0] & 0x1f) << 6) + (p[1] & 0x3f);
      --- 1387,1393 ----
      return p[0];

      len = utf8len_tab[p[0]];
      ! if (len > 1 && (p[1] & 0xc0) == 0x80)
      {
      if (len == 2)
      return ((p[0] & 0x1f) << 6) + (p[1] & 0x3f);
      ***************
      *** 1753,1766 ****
      #endif
      while (len < size)
      {
      ! if (p[len] < 0x80 || !UTF_COMPOSINGLIKE(p + prevlen, p + len))
      break;

      /* Skip over composing char */
      #ifdef FEAT_ARABIC
      prevlen = len;
      #endif
      ! len += utf_ptr2len_len(p + len, size - len);
      }
      return len;
      }
      --- 1753,1779 ----
      #endif
      while (len < size)
      {
      ! int len_next_char;
      !
      ! if (p[len] < 0x80)
      ! break;
      !
      ! /*
      ! * Next character length should not go beyond size to ensure that
      ! * UTF_COMPOSINGLIKE(...) does not read beyond size.
      ! */
      ! len_next_char = utf_ptr2len_len(p + len, size - len);
      ! if (len_next_char > size - len)
      ! break;
      !
      ! if (!UTF_COMPOSINGLIKE(p + prevlen, p + len))
      break;

      /* Skip over composing char */
      #ifdef FEAT_ARABIC
      prevlen = len;
      #endif
      ! len += len_next_char;
      }
      return len;
      }
      *** ../vim-7.2a.009/src/message.c Sat Jun 28 16:09:31 2008
      --- src/message.c Sun Jun 29 15:57:17 2008
      ***************
      *** 1391,1397 ****
      plain_start = str + 1;
      msg_puts_attr(s, attr == 0 ? hl_attr(HLF_8) : attr);
      }
      ! retval += ptr2cells(str);
      ++str;
      }
      }
      --- 1391,1397 ----
      plain_start = str + 1;
      msg_puts_attr(s, attr == 0 ? hl_attr(HLF_8) : attr);
      }
      ! retval += char2cells(*str);
      ++str;
      }
      }
      *** ../vim-7.2a.009/src/version.c Sun Jun 29 13:59:48 2008
      --- src/version.c Sun Jun 29 16:12:49 2008
      ***************
      *** 678,679 ****
      --- 678,681 ----
      { /* Add new patch number below this line */
      + /**/
      + 10,
      /**/

      --
      hundred-and-one symptoms of being an internet addict:
      118. You are on a first-name basis with your ISP's staff.

      /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
      /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
      \\\ download, build and distribute -- http://www.A-A-P.org ///
      \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

      --~--~---------~--~----~------------~-------~--~----~
      You received this message from the "vim_dev" maillist.
      For more information, visit http://www.vim.org/maillist.php
      -~----------~----~----~----~------~----~------~--~---
    Your message has been successfully submitted and would be delivered to recipients shortly.