Hello all,

After compiling VIM with Visual Studio 2012, apparently a buffer overflow was detected and caused VIM to crash. Here's my report of what I think caused it.

I am using GVIM version 7.3.661 64-bit version, Windows 7, Python 2.7.x bindings, and UltiSnips plugin. GUI and MBYTE are on.

After finishing the Python part of UltiSnips, VIM tries to do msg_outtrans_special(s, FALSE); @ getchar.c:3985, where s is "\x1b:call UltiSnips_JumpForwards()\r". Eventually it reaches string = str2special(&str, from); @ message.c:1485, which calls str2special(). Inside str2special(), it calls mb_unescape(sp), where sp is a pointer to s above.

This is where I think the problem is. mb_unescape() seems to be meant for only decoding individual characters, and stores its results inside a static local array buf, which is only meant to be MB_MAXBYTES + 1 big (22 bytes). As you can see, the result of the mapping above (s) is larger than 22 bytes, and does not fit inside buf, causing a buffer overflow to be detected.

At this point I am not sure what the actual problem is. Should mb_unescape() be changed to accept arbitrary length strings (a different MAX constant)? Should str2special() use a different function? Or is something wrong with the mapping expansion in msg_outtrans_special() and it shouldn't use str2special()?

Here is a picture of the stacktrace: http://i.imgur.com/O8RKD.png
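A simplified model of the pattern the report describes, added here as an example (not code from the post or from Vim's source): a decoder that writes into a fixed MB_MAXBYTES + 1 (22-byte) buffer, checks the bound on every write, and is fed the mapping text quoted in the post. The value 21 for MB_MAXBYTES is derived from the 22 bytes stated in the post; the three-byte escape form and the function names are assumptions of the model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MB_MAXBYTES 21  /* from the post: MB_MAXBYTES + 1 == 22 bytes */
#define ESC_LEAD 0x80   /* assumed escape bytes, for this model only */
#define ESC_MID  0xFE
#define ESC_TAIL 'X'

/* Constructed sample: the mapping text quoted in the post. */
static const unsigned char sample_map[] = "\x1b:call UltiSnips_JumpForwards()\r";

/* Input bytes used by one unit at p: 3 for an escaped lead byte, else 1. */
static size_t unit_len(const unsigned char *p)
{
    return (p[0] == ESC_LEAD && p[1] == ESC_MID && p[2] == ESC_TAIL) ? 3 : 1;
}

/* Bytes a complete decode of src would occupy, including the NUL. */
size_t bytes_needed(const unsigned char *src)
{
    size_t n = 0, m = 0;
    while (src[n] != '\0') { n += unit_len(src + n); m++; }
    return m + 1;
}

/* Decode src into dst without ever writing past dst[dstsize - 1].
 * Returns bytes written (excluding the NUL); *consumed receives the number
 * of input bytes used, so a caller can detect truncation or resume. */
size_t unescape_bounded(const unsigned char *src, unsigned char *dst,
                        size_t dstsize, size_t *consumed)
{
    size_t n = 0, m = 0;
    if (dstsize == 0) { *consumed = 0; return 0; }
    while (src[n] != '\0' && m + 1 < dstsize) {  /* keep room for the NUL */
        size_t len = unit_len(src + n);
        dst[m++] = src[n];  /* escaped form and literal both yield src[n] */
        n += len;
    }
    dst[m] = '\0';
    *consumed = n;
    return m;
}

int main(void)
{
    unsigned char buf[MB_MAXBYTES + 1];
    size_t used, got = unescape_bounded(sample_map, buf, sizeof buf, &used);
    printf("need %zu bytes, buffer holds %zu, wrote %zu, consumed %zu\n",
           bytes_needed(sample_map), sizeof buf, got, used);
    return 0;
}
```

A caller that compares bytes_needed() against the buffer size, or checks whether the input at the consumed offset is the terminator, learns that the 22-byte buffer cannot hold the whole mapping without any write going out of bounds.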
