Re: Patch 7.4.704

[Dominique Pellé]

Bram Moolenaar wrote:

> Patch 7.4.704
> Problem:    Searching for a character matches an illegal byte and causes
>             invalid memory access. (Dominique Pelle)
> Solution:   Do not match an invalid byte when search for a character in a
>             string.  Fix equivalence classes using negative numbers, which
>             result in illegal bytes.
> Files:      src/misc2.c, src/regexp.c, src/testdir/test44.in

...snip...

> *** ../vim-7.4.703/src/regexp.c 2015-03-31 14:17:22.004608294 +0200
> --- src/regexp.c        2015-04-21 13:55:32.778050479 +0200
> ***************
> *** 845,857 ****
>   #else
>         switch (c)
>         {
> !           case 'A': case '\300': case '\301': case '\302':
>             CASEMBC(0x100) CASEMBC(0x102) CASEMBC(0x104) CASEMBC(0x1cd)
>             CASEMBC(0x1de) CASEMBC(0x1e0) CASEMBC(0x1ea2)
> !           case '\303': case '\304': case '\305':
> !                     regmbc('A'); regmbc('\300'); regmbc('\301');
> !                     regmbc('\302'); regmbc('\303'); regmbc('\304');
> !                     regmbc('\305');
>                       REGMBC(0x100) REGMBC(0x102) REGMBC(0x104)
>                       REGMBC(0x1cd) REGMBC(0x1de) REGMBC(0x1e0)
>                       REGMBC(0x1ea2)
> --- 845,858 ----
>   #else
>         switch (c)
>         {
> !           /* Do not use '\300' style, it results in a negative number. */
> !           case 'A': case 0xc0: case 0xc1: case 0xc2:
> !           case 0xc3: case 0xc4: case 0xc5:
>             CASEMBC(0x100) CASEMBC(0x102) CASEMBC(0x104) CASEMBC(0x1cd)
>             CASEMBC(0x1de) CASEMBC(0x1e0) CASEMBC(0x1ea2)
> !                     regmbc('A'); regmbc(0xc0); regmbc(0xc1);
> !                     regmbc(0xc2); regmbc(0xc3); regmbc(0xc4);
> !                     regmbc(0xc5);
>                       REGMBC(0x100) REGMBC(0x102) REGMBC(0x104)
>                       REGMBC(0x1cd) REGMBC(0x1de) REGMBC(0x1e0)
>                       REGMBC(0x1ea2)


The replacements of things like case '\0300' into case 0xc0 (etc)
were made in regexp.c in patch-7.4.704. Similar code exists in
regexp_nfa.c in nfa_emit_equi_class() where the replacements
were not made. I suppose that they should be made there too
for the same reason explained in the comment:
/* Do not use '\300' style, it results in a negative number. */

I can write a patch when I find the time, and try to find an
example of where the change matters.

Regards
Dominique

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.