Patch 8.1.0205
Problem: Invalid memory access with invalid modeline.
Solution: Pass pointer limit. Add a test. (closes #3241)
Files: src/Make_all.mak, src/testdir/test_alot.vim,
src/testdir/test_modeline.vim, src/option.c
*** ../vim-8.1.0204/src/Make_all.mak 2018-07-04 23:05:19.221931527 +0200
--- src/Make_all.mak 2018-07-23 03:54:45.950888854 +0200
***************
*** 118,123 ****
--- 118,124 ----
test_messages \
test_mksession \
test_mksession_utf8 \
+ test_modeline \
test_nested_function \
test_netbeans \
test_normal \
*** ../vim-8.1.0204/src/testdir/test_alot.vim 2018-05-19 15:00:48.841017887
+0200
--- src/testdir/test_alot.vim 2018-07-23 03:56:07.742401442 +0200
***************
*** 37,42 ****
--- 37,43 ----
source test_match.vim
source test_menu.vim
source test_messages.vim
+ source test_modeline.vim
source test_partial.vim
source test_popup.vim
source test_put.vim
*** ../vim-8.1.0204/src/testdir/test_modeline.vim 2018-07-23
04:10:49.533248182 +0200
--- src/testdir/test_modeline.vim 2018-07-23 04:02:57.055992973 +0200
***************
*** 0 ****
--- 1,8 ----
+ " Tests for parsing the modeline.
+
+ func Test_invalid()
+ " This was reading before allocated memory.
+ call writefile(['vi:0', 'nothing'], 'Xmodeline')
+ call assert_fails('split Xmodeline', 'E518:')
+ bwipe!
+ endfunc
*** ../vim-8.1.0204/src/option.c 2018-07-08 21:46:52.859037899 +0200
--- src/option.c 2018-07-23 04:09:28.641716577 +0200
***************
*** 3316,3322 ****
static char_u *set_num_option(int opt_idx, char_u *varp, long value, char_u
*errbuf, size_t errbuflen, int opt_flags);
static void check_redraw(long_u flags);
static int findoption(char_u *);
! static int find_key_option(char_u *);
static void showoptions(int all, int opt_flags);
static int optval_default(struct vimoption *, char_u *varp);
static void showoneopt(struct vimoption *, int opt_flags);
--- 3316,3322 ----
static char_u *set_num_option(int opt_idx, char_u *varp, long value, char_u
*errbuf, size_t errbuflen, int opt_flags);
static void check_redraw(long_u flags);
static int findoption(char_u *);
! static int find_key_option(char_u *arg_arg, int has_lt);
static void showoptions(int all, int opt_flags);
static int optval_default(struct vimoption *, char_u *varp);
static void showoneopt(struct vimoption *, int opt_flags);
***************
*** 4492,4498 ****
opt_idx = findoption(arg + 1);
arg[len++] = '>'; /* restore '>' */
if (opt_idx == -1)
! key = find_key_option(arg + 1);
}
else
{
--- 4492,4498 ----
opt_idx = findoption(arg + 1);
arg[len++] = '>'; /* restore '>' */
if (opt_idx == -1)
! key = find_key_option(arg + 1, TRUE);
}
else
{
***************
*** 4510,4516 ****
opt_idx = findoption(arg);
arg[len] = nextchar; /* restore nextchar */
if (opt_idx == -1)
! key = find_key_option(arg);
}
/* remember character after option name */
--- 4510,4516 ----
opt_idx = findoption(arg);
arg[len] = nextchar; /* restore nextchar */
if (opt_idx == -1)
! key = find_key_option(arg, FALSE);
}
/* remember character after option name */
***************
*** 5362,5368 ****
string_to_key(char_u *arg, int multi_byte)
{
if (*arg == '<')
! return find_key_option(arg + 1);
if (*arg == '^')
return Ctrl_chr(arg[1]);
if (multi_byte)
--- 5362,5368 ----
string_to_key(char_u *arg, int multi_byte)
{
if (*arg == '<')
! return find_key_option(arg + 1, TRUE);
if (*arg == '^')
return Ctrl_chr(arg[1]);
if (multi_byte)
***************
*** 9541,9547 ****
int key;
if (STRLEN(name) == 4 && name[0] == 't' && name[1] == '_'
! && (key = find_key_option(name)) != 0)
{
char_u key_name[2];
char_u *p;
--- 9541,9547 ----
int key;
if (STRLEN(name) == 4 && name[0] == 't' && name[1] == '_'
! && (key = find_key_option(name, FALSE)) != 0)
{
char_u key_name[2];
char_u *p;
***************
*** 9831,9837 ****
int key;
if (STRLEN(name) == 4 && name[0] == 't' && name[1] == '_'
! && (key = find_key_option(name)) != 0)
{
char_u key_name[2];
--- 9831,9837 ----
int key;
if (STRLEN(name) == 4 && name[0] == 't' && name[1] == '_'
! && (key = find_key_option(name, FALSE)) != 0)
{
char_u key_name[2];
***************
*** 9952,9963 ****
/*
* Translate a string like "t_xx", "<t_xx>" or "<S-Tab>" to a key number.
*/
static int
! find_key_option(char_u *arg)
{
! int key;
int modifiers;
/*
* Don't use get_special_key_code() for t_xx, we don't want it to call
--- 9952,9966 ----
/*
* Translate a string like "t_xx", "<t_xx>" or "<S-Tab>" to a key number.
+ * When "has_lt" is true there is a '<' before "*arg_arg".
+ * Returns 0 when the key is not recognized.
*/
static int
! find_key_option(char_u *arg_arg, int has_lt)
{
! int key = 0;
int modifiers;
+ char_u *arg = arg_arg;
/*
* Don't use get_special_key_code() for t_xx, we don't want it to call
***************
*** 9965,9971 ****
*/
if (arg[0] == 't' && arg[1] == '_' && arg[2] && arg[3])
key = TERMCAP2KEY(arg[2], arg[3]);
! else
{
--arg; /* put arg at the '<' */
modifiers = 0;
--- 9968,9974 ----
*/
if (arg[0] == 't' && arg[1] == '_' && arg[2] && arg[3])
key = TERMCAP2KEY(arg[2], arg[3]);
! else if (has_lt)
{
--arg; /* put arg at the '<' */
modifiers = 0;
*** ../vim-8.1.0204/src/version.c 2018-07-22 19:36:29.255125833 +0200
--- src/version.c 2018-07-23 03:55:34.482599313 +0200
***************
*** 795,796 ****
--- 795,798 ----
{ /* Add new patch number below this line */
+ /**/
+ 205,
/**/
--
DINGO: You must spank her well and after you have spanked her you
may deal with her as you like and then ... spank me.
AMAZING: And spank me!
STUNNER: And me.
LOVELY: And me.
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
