Patch 7.2.430
Problem: The ++bad argument is handled wrong, resulting in an invalid
memory access.
Solution: Use the bad_char field only for the replacement character, add
bad_char_idx to store the position. (Dominique Pelle)
Files: src/eval.c, src/ex_cmds.h, src/ex_docmd.c
*** ../vim-7.2.429/src/eval.c 2010-05-14 12:16:19.000000000 +0200
--- src/eval.c 2010-05-14 19:04:53.000000000 +0200
***************
*** 18309,18316 ****
# ifdef FEAT_MBYTE
if (eap->force_enc != 0)
len += (unsigned)STRLEN(eap->cmd + eap->force_enc) + 7;
! if (eap->bad_char != 0)
! len += (unsigned)STRLEN(eap->cmd + eap->bad_char) + 7;
# endif
newval = alloc(len + 1);
--- 18309,18316 ----
# ifdef FEAT_MBYTE
if (eap->force_enc != 0)
len += (unsigned)STRLEN(eap->cmd + eap->force_enc) + 7;
! if (eap->bad_char_idx != 0)
! len += (unsigned)STRLEN(eap->cmd + eap->bad_char_idx) + 7;
# endif
newval = alloc(len + 1);
***************
*** 18334,18342 ****
if (eap->force_enc != 0)
sprintf((char *)newval + STRLEN(newval), " ++enc=%s",
eap->cmd + eap->force_enc);
! if (eap->bad_char != 0)
sprintf((char *)newval + STRLEN(newval), " ++bad=%s",
! eap->cmd + eap->bad_char);
# endif
vimvars[VV_CMDARG].vv_str = newval;
return oldval;
--- 18334,18342 ----
if (eap->force_enc != 0)
sprintf((char *)newval + STRLEN(newval), " ++enc=%s",
eap->cmd + eap->force_enc);
! if (eap->bad_char_idx != 0)
sprintf((char *)newval + STRLEN(newval), " ++bad=%s",
! eap->cmd + eap->bad_char_idx);
# endif
vimvars[VV_CMDARG].vv_str = newval;
return oldval;
*** ../vim-7.2.429/src/ex_cmds.h 2010-05-14 15:42:49.000000000 +0200
--- src/ex_cmds.h 2010-05-14 20:23:20.000000000 +0200
***************
*** 1152,1158 ****
int force_ff; /* ++ff= argument (index in cmd[]) */
#ifdef FEAT_MBYTE
int force_enc; /* ++enc= argument (index in cmd[]) */
! int bad_char; /* ++bad= argument (index in cmd[]) */
#endif
#ifdef FEAT_USR_CMDS
int useridx; /* user command index */
--- 1152,1159 ----
int force_ff; /* ++ff= argument (index in cmd[]) */
#ifdef FEAT_MBYTE
int force_enc; /* ++enc= argument (index in cmd[]) */
! int bad_char_idx; /* ++bad= argument (index in cmd[]) */
! int bad_char; /* BAD_KEEP, BAD_DROP or replacement
char */
#endif
#ifdef FEAT_USR_CMDS
int useridx; /* user command index */
*** ../vim-7.2.429/src/ex_docmd.c 2010-05-14 15:28:37.000000000 +0200
--- src/ex_docmd.c 2010-05-14 19:04:53.000000000 +0200
***************
*** 4739,4745 ****
else if (STRNCMP(arg, "bad", 3) == 0)
{
arg += 3;
! pp = &eap->bad_char;
}
#endif
--- 4739,4745 ----
else if (STRNCMP(arg, "bad", 3) == 0)
{
arg += 3;
! pp = &eap->bad_char_idx;
}
#endif
***************
*** 4770,4776 ****
{
/* Check ++bad= argument. Must be a single-byte character, "keep" or
* "drop". */
! p = eap->cmd + eap->bad_char;
if (STRICMP(p, "keep") == 0)
eap->bad_char = BAD_KEEP;
else if (STRICMP(p, "drop") == 0)
--- 4770,4776 ----
{
/* Check ++bad= argument. Must be a single-byte character, "keep" or
* "drop". */
! p = eap->cmd + eap->bad_char_idx;
if (STRICMP(p, "keep") == 0)
eap->bad_char = BAD_KEEP;
else if (STRICMP(p, "drop") == 0)
*** ../vim-7.2.429/src/version.c 2010-05-14 18:56:33.000000000 +0200
--- src/version.c 2010-05-14 20:39:38.000000000 +0200
***************
*** 683,684 ****
--- 683,686 ----
{ /* Add new patch number below this line */
+ /**/
+ 430,
/**/
--
You have the right to remain silent. Anything you say will be
misquoted, then used against you.
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
