To: vim-dev@vim.org Subject: patch 7.1.054 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit ------------ Patch 7.1.054 Problem: Accessing uninitialized memory when displaying the fold column. Solution: Add a NUL to the extra array. (Dominique Pelle). Also do this in a couple of other situations. Files: src/screen.c *** ../vim-7.1.053/src/screen.c Mon Jul 30 21:59:50 2007 --- src/screen.c Sun Aug 5 16:10:53 2007 *************** *** 2555,2561 **** char_u extra[18]; /* "%ld" and 'fdc' must fit in here */ int n_extra = 0; /* number of extra chars */ ! char_u *p_extra = NULL; /* string of extra chars */ int c_extra = NUL; /* extra chars, all the same */ int extra_attr = 0; /* attributes when n_extra != 0 */ static char_u *at_end_str = (char_u *)""; /* used for p_extra when --- 2555,2561 ---- char_u extra[18]; /* "%ld" and 'fdc' must fit in here */ int n_extra = 0; /* number of extra chars */ ! char_u *p_extra = NULL; /* string of extra chars, plus NUL */ int c_extra = NUL; /* extra chars, all the same */ int extra_attr = 0; /* attributes when n_extra != 0 */ static char_u *at_end_str = (char_u *)""; /* used for p_extra when *************** *** 3189,3198 **** if (cmdwin_type != 0 && wp == curwin) { /* Draw the cmdline character. */ - *extra = cmdwin_type; n_extra = 1; ! p_extra = extra; ! c_extra = NUL; char_attr = hl_attr(HLF_AT); } } --- 3189,3196 ---- if (cmdwin_type != 0 && wp == curwin) { /* Draw the cmdline character. */ n_extra = 1; ! c_extra = cmdwin_type; char_attr = hl_attr(HLF_AT); } } *************** *** 3208,3213 **** --- 3206,3212 ---- fill_foldcolumn(extra, wp, FALSE, lnum); n_extra = wp->w_p_fdc; p_extra = extra; + p_extra[n_extra] = NUL; c_extra = NUL; char_attr = hl_attr(HLF_FC); } *************** *** 3550,3558 **** * Get the next character to put on the screen. */ /* ! * The 'extra' array contains the extra stuff that is inserted to ! * represent special characters (non-printable stuff). When all ! * characters are the same, c_extra is used. * For the '$' of the 'list' option, n_extra == 1, p_extra == "". */ if (n_extra > 0) --- 3549,3559 ---- * Get the next character to put on the screen. */ /* ! * The "p_extra" points to the extra stuff that is inserted to ! * represent special characters (non-printable stuff) and other ! * things. When all characters are the same, c_extra is used. ! * "p_extra" must end in a NUL to avoid mb_ptr2len() reads past ! * "p_extra[n_extra]". * For the '$' of the 'list' option, n_extra == 1, p_extra == "". */ if (n_extra > 0) *************** *** 3808,3817 **** * a '<' in the first column. */ if (n_skip > 0 && mb_l > 1) { - extra[0] = '<'; - p_extra = extra; n_extra = 1; ! c_extra = NUL; c = ' '; if (area_attr == 0 && search_attr == 0) { --- 3809,3816 ---- * a '<' in the first column. */ if (n_skip > 0 && mb_l > 1) { n_extra = 1; ! c_extra = '<'; c = ' '; if (area_attr == 0 && search_attr == 0) { *************** *** 6204,6211 **** return; off = LineOffset[row] + col; ! while (*ptr != NUL && col < screen_Columns ! && (len < 0 || (int)(ptr - text) < len)) { c = *ptr; #ifdef FEAT_MBYTE --- 6203,6211 ---- return; off = LineOffset[row] + col; ! while (col < screen_Columns ! && (len < 0 || (int)(ptr - text) < len) ! && *ptr != NUL) { c = *ptr; #ifdef FEAT_MBYTE *** ../vim-7.1.053/src/version.c Sun Aug 5 19:20:04 2007 --- src/version.c Sun Aug 5 20:07:47 2007 *************** *** 668,669 **** --- 668,671 ---- { /* Add new patch number below this line */ + /**/ + 54, /**/ -- From "know your smileys": +<(:-) The Pope /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ download, build and distribute -- http://www.A-A-P.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///