To: vim_dev@googlegroups.com Subject: Patch 9.0.1144 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.1144 Problem: Reading beyond text. Solution: Add strlen_maxlen() and use it. Files: src/strings.c, src/proto/strings.pro, src/message.c, src/testdir/test_cmdline.vim *** ../vim-9.0.1143/src/strings.c 2022-09-28 16:16:10.256335629 +0100 --- src/strings.c 2023-01-04 15:50:40.712617828 +0000 *************** *** 525,530 **** --- 525,543 ---- mch_memmove(to + tolen, from, fromlen + 1); } + /* + * A version of strlen() that has a maximum length. + */ + size_t + vim_strlen_maxlen(char *s, size_t maxlen) + { + size_t i; + for (i = 0; i < maxlen; ++i) + if (s[i] == NUL) + break; + return i; + } + #if (!defined(HAVE_STRCASECMP) && !defined(HAVE_STRICMP)) || defined(PROTO) /* * Compare two strings, ignoring case, using current locale. *************** *** 582,588 **** * 128 to 255 correctly. It also doesn't return a pointer to the NUL at the * end of the string. */ ! char_u * vim_strchr(char_u *string, int c) { char_u *p; --- 595,601 ---- * 128 to 255 correctly. It also doesn't return a pointer to the NUL at the * end of the string. */ ! 
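Review bot: The comment above vim_strlen_maxlen() in src/strings.c does not state the contract that makes the function safe to use on unterminated text. The loop returns maxlen when no NUL is found in the first maxlen bytes and never reads s[maxlen], so a caller cannot tell "exactly maxlen" from "longer than maxlen". I would extend the comment with `* Returns the length of "s", or "maxlen" when there is no NUL in the first "maxlen" bytes.` and `* Never reads beyond s[maxlen - 1].` As a style point, the parameter could be `const char *s`, since the body only reads through it.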
char_u * vim_strchr(char_u *string, int c) { char_u *p; *** ../vim-9.0.1143/src/proto/strings.pro 2022-09-22 17:06:56.295037465 +0100 --- src/proto/strings.pro 2023-01-04 15:48:47.464642284 +0000 *************** *** 12,17 **** --- 12,18 ---- void del_trailing_spaces(char_u *ptr); void vim_strncpy(char_u *to, char_u *from, size_t len); void vim_strcat(char_u *to, char_u *from, size_t tosize); + size_t vim_strlen_maxlen(char *s, size_t maxlen); int vim_stricmp(char *s1, char *s2); int vim_strnicmp(char *s1, char *s2, size_t len); char_u *vim_strchr(char_u *string, int c); *** ../vim-9.0.1143/src/message.c 2022-11-30 20:20:52.751228273 +0000 --- src/message.c 2023-01-04 15:50:25.132621050 +0000 *************** *** 3055,3061 **** { char_u *tofree = NULL; ! if (maxlen > 0 && STRLEN(p) > (size_t)maxlen) { tofree = vim_strnsave(p, (size_t)maxlen); p = tofree; --- 3055,3062 ---- { char_u *tofree = NULL; ! if (maxlen > 0 && vim_strlen_maxlen((char *)p, (size_t)maxlen) ! >= (size_t)maxlen) { tofree = vim_strnsave(p, (size_t)maxlen); p = tofree; *** ../vim-9.0.1143/src/testdir/test_cmdline.vim 2022-12-08 15:44:19.456975360 +0000 --- src/testdir/test_cmdline.vim 2023-01-04 15:44:18.328711699 +0000 *************** *** 654,659 **** --- 654,670 ---- call assert_fails('call getcompletion("abc", [])', 'E1174:') endfunc + func Test_multibyte_expression() + " This was using uninitialized memory. + let lines =<< trim END + set verbose=6 + norm @=ٷ + qall! 
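Review bot: The switch from `>` to `>=` in the new condition in src/message.c is what stops the read past the text, and it deserves a one-line comment so a later cleanup does not revert it. With only maxlen bytes guaranteed readable, a result equal to maxlen means "at least maxlen", so a string of exactly maxlen bytes is now copied as well. Something like `// ">=": p[maxlen] may not be readable, so an exact-length string is copied too` would record that. The context lines assign the result of vim_strnsave() straight to p; whether a NULL result is handled cannot be seen here, because the enclosing function starts and ends outside the hunk.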
+ END + call writefile(lines, 'XmultiScript', 'D') + call RunVim('', '', '-u NONE -n -e -s -S XmultiScript') + endfunc + " Test for getcompletion() with "fuzzy" in 'wildoptions' func Test_getcompletion_wildoptions() let save_wildoptions = &wildoptions *** ../vim-9.0.1143/src/version.c 2023-01-04 14:31:46.102074865 +0000 --- src/version.c 2023-01-04 15:56:05.764557561 +0000 *************** *** 697,698 **** --- 697,700 ---- { /* Add new patch number below this line */ + /**/ + 1144, /**/ -- The problem with political jokes is that they get elected. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
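Review bot: Test_multibyte_expression() in src/testdir/test_cmdline.vim contains no assertion and discards the result of RunVim(). As far as the hunk shows, it can only flag a regression when the child Vim runs under a memory checker or crashes visibly. The test comment says "uninitialized memory" while the patch description says "Reading beyond text". I would align the two and state how a failure is detected, for example `" This was reading beyond the end of the text; only detected by valgrind or a sanitizer build.`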