[patch] fix stack corruption in vim/src/gui_riscos.c
Running cppcheck static analyzer on vim/src/gui_riscos.c gives
the following warnings:
$ cppcheck gui_riscos.c
[gui_riscos.c:1764] -> [gui_riscos.c:2291]: (error) Array 'front_block' index 20 out of bounds
[gui_riscos.c:1764] -> [gui_riscos.c:2293]: (error) Array 'front_block' index 28 out of bounds
  1757     if (button & 0x444)
!!1759         int front_block[10];
  1760         /* Dragging with Select - bring window to front first */
  1761         front_block[0] = gui.window_handle;
  1762         swi(Wimp_GetWindowState, 0, front_block);
  1763         front_block[7] = -1;
  1764         ro_open_main(front_block);

  2286     int *block;
  2288     int toggle_size;
  2290     /* Find out if the user clicked on the toggle size icon. */
!!2291     block[20] = block[0];
  2292     swi(Wimp_GetWindowState, 0, block + 20);
  2293     toggle_size = block[28] & (1 << 19);
ro_open_main() is called at line 1764 with the buffer 'front_block',
which is 10 ints large. But the first thing ro_open_main() does
is set block[20], which thus corrupts the stack.
The attached patch fixes it by making front_block 64 ints instead
of 10 ints (just as at the other places where ro_open_main() is called).
ro_open_main() and other functions could also be static since
they are only used within gui_riscos.c, but I leave that as it is
since I don't have RISC OS to verify with.
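The bug described above is a caller passing a buffer smaller than the callee's fixed block layout requires. The following is an added example, not vim's code: it models the ro_open_main() contract so the buffer length travels with the pointer and the 10-word caller is rejected instead of overrunning the stack. The Wimp SWI is replaced by a constructed stand-in, and the 64-word size, offset 20 and flags word 28 are taken from the post.

```c
/* Added example (not vim's code): the ro_open_main() block contract from
 * the post, made explicit. No RISC OS here; the SWI is a constructed stub. */
#include <stddef.h>

#define WIMP_BLOCK_WORDS 64          /* size used at the other call sites */
#define STATE_OFFSET     20          /* ro_open_main() writes block[20..28] */
#define STATE_WORDS      9           /* Wimp_GetWindowState fills 9 words */
#define TOGGLE_SIZE_BIT  (1 << 19)   /* flag tested in block[28] */

/* Stand-in for swi(Wimp_GetWindowState, 0, state): word 0 holds the window
 * handle on entry; words 1..8 are filled with constructed values, word 8
 * being the flags word. Only handle 0x1234 gets the toggle-size flag. */
static void fake_get_window_state(int *state)
{
    for (int i = 1; i < 8; i++)
        state[i] = 0;
    state[8] = (state[0] == 0x1234) ? TOGGLE_SIZE_BIT : 0;
}

/* Hardened shape of ro_open_main(): the caller states how many words it
 * owns. Returns 1 if toggle-size is set, 0 if not, -1 if the buffer is
 * too small for the block layout (the original 10-word buffer ends here). */
int open_main_checked(int *block, size_t nwords)
{
    if (block == NULL || nwords < STATE_OFFSET + STATE_WORDS)
        return -1;
    block[STATE_OFFSET] = block[0];              /* original line 2291 */
    fake_get_window_state(block + STATE_OFFSET); /* original line 2292 */
    return (block[STATE_OFFSET + 8] & TOGGLE_SIZE_BIT) ? 1 : 0; /* line 2293 */
}

/* Shape of the buggy caller: a 10-word buffer (original line 1759). */
int call_with_small_buffer(int window_handle)
{
    int front_block[10] = {0};
    front_block[0] = window_handle;
    return open_main_checked(front_block, sizeof front_block / sizeof front_block[0]);
}

/* Shape of the patched caller: 64 words, matching the other call sites. */
int call_with_fixed_buffer(int window_handle)
{
    int front_block[WIMP_BLOCK_WORDS] = {0};
    front_block[0] = window_handle;
    return open_main_checked(front_block, sizeof front_block / sizeof front_block[0]);
}
```

Compiling the unchecked original with -fsanitize=address, or running cppcheck as the post does, is the detection path for the real code; the length parameter turns the same mistake into a return value that a caller can test.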
You received this message from the "vim_dev" maillist.