Patch 9.0.1160
Problem:    ASAN error for ufunc_T allocated with wrong size.
Solution:   Make sure the size can always fit the struct.
Files:      src/userfunc.c


*** ../vim-9.0.1159/src/userfunc.c      2023-01-08 19:54:06.952281443 +0000
--- src/userfunc.c      2023-01-08 20:28:46.544912868 +0000
***************
*** 641,646 ****
--- 641,659 ----
      return name;
  }
  
+ /*
+  * Allocate a "ufunc_T" for a function called "name".
+  * Makes sure the size is right.
+  */
+     static ufunc_T *
+ alloc_ufunc(char_u *name)
+ {
+     // When the name is short we need to make sure we allocate enough bytes for
+     // the whole struct, including any padding.
+     size_t len = offsetof(ufunc_T, uf_name) + STRLEN(name) + 1;
+     return alloc_clear(len < sizeof(ufunc_T) ? sizeof(ufunc_T) : len);
+ }
+ 
  #if defined(FEAT_LUA) || defined(PROTO)
  /*
   * Registers a native C callback which can be called from Vim script.
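Review bot: The header comment on alloc_ufunc() does not state what the caller still owes. The helper sizes the block from STRLEN(name) but never writes uf_name, so each caller has to copy that same string in afterwards (the hunk at 1369 does this with set_ufunc_name()) and must never store a longer one, otherwise the write runs past the heap block. I would extend the comment with `Returns NULL when out of memory.  The caller must still copy "name" into uf_name; the block is sized for exactly this string.` The helper is also `static`, so any ufunc_T allocation outside src/userfunc.c, if one exists (none is visible in this patch), would keep the old undersized computation and should be checked separately.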
***************
*** 652,658 ****
      char_u    *name = get_lambda_name();
      ufunc_T   *fp;
  
!     fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1);
      if (fp == NULL)
        return NULL;
  
--- 665,671 ----
      char_u    *name = get_lambda_name();
      ufunc_T   *fp;
  
!     fp = alloc_ufunc(name);
      if (fp == NULL)
        return NULL;
  
***************
*** 1356,1362 ****
      }
  
      name = get_lambda_name();
!     ufunc = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1);
      if (ufunc == NULL)
        goto erret;
      set_ufunc_name(ufunc, name);
--- 1369,1375 ----
      }
  
      name = get_lambda_name();
!     ufunc = alloc_ufunc(name);
      if (ufunc == NULL)
        goto erret;
      set_ufunc_name(ufunc, name);
***************
*** 1557,1563 ****
        char_u      *line_end;
        char_u      *name = get_lambda_name();
  
!       fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1);
        if (fp == NULL)
            goto errret;
        fp->uf_def_status = UF_NOT_COMPILED;
--- 1570,1576 ----
        char_u      *line_end;
        char_u      *name = get_lambda_name();
  
!       fp = alloc_ufunc(name);
        if (fp == NULL)
            goto errret;
        fp->uf_def_status = UF_NOT_COMPILED;
***************
*** 2558,2564 ****
        return FAIL;
      }
  
!     fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(global) + 1);
      if (fp == NULL)
        return FAIL;
  
--- 2571,2577 ----
        return FAIL;
      }
  
!     fp = alloc_ufunc(global);
      if (fp == NULL)
        return FAIL;
  
***************
*** 5081,5087 ****
            }
        }
  
!       fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1);
        if (fp == NULL)
            goto erret;
        fp_allocated = TRUE;
--- 5094,5100 ----
            }
        }
  
!       fp = alloc_ufunc(name);
        if (fp == NULL)
            goto erret;
        fp_allocated = TRUE;
***************
*** 5525,5534 ****
      ufunc_T *
  copy_function(ufunc_T *fp)
  {
!     // The struct may have padding, make sure we allocate at least the size of
!     // the struct.
!     size_t len = offsetof(ufunc_T, uf_name) + STRLEN(fp->uf_name) + 1;
!     ufunc_T *ufunc = alloc_clear(len < sizeof(ufunc_T) ? sizeof(ufunc_T) : len);
      if (ufunc == NULL)
        return NULL;
  
--- 5538,5544 ----
      ufunc_T *
  copy_function(ufunc_T *fp)
  {
!     ufunc_T *ufunc = alloc_ufunc(fp->uf_name);
      if (ufunc == NULL)
        return NULL;
  
*** ../vim-9.0.1159/src/version.c       2023-01-08 19:54:06.952281443 +0000
--- src/version.c       2023-01-08 20:25:33.781208548 +0000
***************
*** 697,698 ****
--- 697,700 ----
  {   /* Add new patch number below this line */
+ /**/
+     1160,
  /**/

-- 
Eye have a spelling checker, it came with my PC;
It plainly marks four my revue mistakes I cannot sea.
I've run this poem threw it, I'm sure your please to no,
It's letter perfect in it's weigh, my checker tolled me sew!

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
