patch 9.1.0700: crash with 2byte encoding and glob2regpat()
Commit:
https://github.com/vim/vim/commit/1c815b54bbaf872c271d58043e51e56b908c1a20
Author: Christian Brabandt <[email protected]>
Date: Wed Aug 28 22:08:35 2024 +0200
patch 9.1.0700: crash with 2byte encoding and glob2regpat()
Problem: possible crash with 2byte encoding and glob2regpat()
Solution: Skip over character, if it is multi-byte character
Signed-off-by: Christian Brabandt <[email protected]>
diff --git a/src/fileio.c b/src/fileio.c
index d27a1727e..890eac785 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -5714,7 +5714,8 @@ file_pat_to_reg_pat(
)
*allow_dirs = TRUE;
reg_pat[i++] = '\';
- reg_pat[i++] = *p;
+ if (enc_dbcs != 0 && (*mb_ptr2len)(p) > 1)
+ reg_pat[i++] = *p++;
}
break;
#ifdef BACKSLASH_IN_FILENAME
diff --git a/src/testdir/crash/heap_overflow_glob2regpat
b/src/testdir/crash/heap_overflow_glob2regpat
new file mode 100644
index
0000000000000000000000000000000000000000..8baf6f32533cc548c58dcc6152292e7f23b59345
GIT binary patch
literal 200
zcmcC2PE|<FOU_Tp%uBa5N~$bL)h#Va)Ai#j$;?SjE!Iln)-J4JV5sLR%Zq9M|B0)Z
zg@r{=&lX6saImoP@MtjG`tnp+cI4)y2!H`Y8CMDe!^0G=yqLEQhB{n9)gU0ikd|MP
zld3S2aW<DoZgw$Ou1YF%X3=kk|0-NLNsJ5(3_zjQR3@kY|GAPB>#D1BlJZN6GSf3k
rRI7uSU!=tR*U|d#6YSGdV3^ndRGpcdn8VN=mRed`8eCdh5W@`sxUN5Z
literal 0
HcmV?d00001
diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim
index b3348761c..e741a18b4 100644
--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim
@@ -222,6 +222,12 @@ func Test_crash1_3()
call term_sendkeys(buf, args)
call TermWait(buf, 150)
+ let file = 'crash/heap_overflow_glob2regpat'
+ let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+ let args = printf(cmn_args, vim, file)
+ call term_sendkeys(buf, args)
+ call TermWait(buf, 50)
+
" clean up
exe buf .. "bw!"
diff --git a/src/version.c b/src/version.c
index 100a1ae70..59bd3fcdc 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 700,
/**/
699,
/**/
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/vim_dev/E1sjP4J-00EBYe-0u%40256bit.org.
