Patch 7.2.406

Tue, 23 Mar 2010 07:37:00 -0700 

Patch 7.2.406
Problem:    Patch 7.2.119 introduces uninit mem read. (Dominique Pelle)
Solution:   Only used ScreeenLinesC when ScreeenLinesUC is not zero. (Yukihiro
            Nakadaira)  Also clear ScreeenLinesC when allocating.
Files:      src/screen.c


*** ../vim-7.2.405/src/screen.c 2010-03-23 13:56:53.000000000 +0100
--- src/screen.c        2010-03-23 15:26:44.000000000 +0100
***************
*** 25,34 ****
   * one character which occupies two display cells.
   * For UTF-8 a multi-byte character is converted to Unicode and stored in
   * ScreenLinesUC[].  ScreenLines[] contains the first byte only.  For an ASCII
!  * character without composing chars ScreenLinesUC[] will be 0.  When the
!  * character occupies two display cells the next byte in ScreenLines[] is 0.
   * ScreenLinesC[][] contain up to 'maxcombine' composing characters
!  * (drawn on top of the first character).  They are 0 when not used.
   * ScreenLines2[] is only used for euc-jp to store the second byte if the
   * first byte is 0x8e (single-width character).
   *
--- 25,35 ----
   * one character which occupies two display cells.
   * For UTF-8 a multi-byte character is converted to Unicode and stored in
   * ScreenLinesUC[].  ScreenLines[] contains the first byte only.  For an ASCII
!  * character without composing chars ScreenLinesUC[] will be 0 and
!  * ScreenLinesC[][] is not used.  When the character occupies two display
!  * cells the next byte in ScreenLines[] is 0.
   * ScreenLinesC[][] contain up to 'maxcombine' composing characters
!  * (drawn on top of the first character).  There is 0 after the last one used.
   * ScreenLines2[] is only used for euc-jp to store the second byte if the
   * first byte is 0x8e (single-width character).
   *
***************
*** 4893,4898 ****
--- 4894,4900 ----
  
  /*
   * Return if the composing characters at "off_from" and "off_to" differ.
+  * Only to be used when ScreenLinesUC[off_from] != 0.
   */
      static int
  comp_char_differs(off_from, off_to)
***************
*** 6281,6286 ****
--- 6283,6289 ----
  /*
   * Return TRUE if composing characters for screen posn "off" differs from
   * composing characters in "u8cc".
+  * Only to be used when ScreenLinesUC[off] != 0.
   */
      static int
  screen_comp_differs(off, u8cc)
***************
*** 6461,6468 ****
                    && c == 0x8e
                    && ScreenLines2[off] != ptr[1])
                || (enc_utf8
!                   && (ScreenLinesUC[off] != (u8char_T)(c >= 0x80 ? u8c : 0)
!                       || screen_comp_differs(off, u8cc)))
  #endif
                || ScreenAttrs[off] != attr
                || exmode_active;
--- 6464,6473 ----
                    && c == 0x8e
                    && ScreenLines2[off] != ptr[1])
                || (enc_utf8
!                   && (ScreenLinesUC[off] !=
!                               (u8char_T)(c < 0x80 && u8cc[0] == 0 ? 0 : u8c)
!                       || (ScreenLinesUC[off] != 0
!                                         && screen_comp_differs(off, u8cc))))
  #endif
                || ScreenAttrs[off] != attr
                || exmode_active;
***************
*** 7542,7548 ****
        new_ScreenLinesUC = (u8char_T *)lalloc((long_u)(
                             (Rows + 1) * Columns * sizeof(u8char_T)), FALSE);
        for (i = 0; i < p_mco; ++i)
!           new_ScreenLinesC[i] = (u8char_T *)lalloc((long_u)(
                             (Rows + 1) * Columns * sizeof(u8char_T)), FALSE);
      }
      if (enc_dbcs == DBCS_JPNU)
--- 7547,7553 ----
        new_ScreenLinesUC = (u8char_T *)lalloc((long_u)(
                             (Rows + 1) * Columns * sizeof(u8char_T)), FALSE);
        for (i = 0; i < p_mco; ++i)
!           new_ScreenLinesC[i] = (u8char_T *)lalloc_clear((long_u)(
                             (Rows + 1) * Columns * sizeof(u8char_T)), FALSE);
      }
      if (enc_dbcs == DBCS_JPNU)
*** ../vim-7.2.405/src/version.c        2010-03-23 14:39:07.000000000 +0100
--- src/version.c       2010-03-23 15:34:11.000000000 +0100
***************
*** 683,684 ****
--- 683,686 ----
  {   /* Add new patch number below this line */
+ /**/
+     406,
  /**/

-- 
VOICE OVER: As the horrendous Black Beast lunged forward, escape for Arthur
            and his knights seemed hopeless,  when, suddenly ... the animator
            suffered a fatal heart attack.
ANIMATOR:   Aaaaagh!
VOICE OVER: The cartoon peril was no more ... The Quest for Holy Grail could
            continue.
                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

To unsubscribe from this group, send email to 
vim_dev+unsubscribegooglegroups.com or reply to this email with the words 
"REMOVE ME" as the subject.

Raspunde prin e-mail lui