Mercurial > vim

comparison src/regexp.c @ 6830:70fdcdaf96a6 v7.4.736

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 7.4.736 Problem: Invalid memory access. Solution: Avoid going over the end of a NUL terminated string. (Dominique Pelle)
author Bram Moolenaar <bram@vim.org>
date Tue, 09 Jun 2015 20:39:24 +0200
parents de90405940be
children 94b179585851
comparison
equal deleted inserted replaced
6829:56f553a0bff6 6830:70fdcdaf96a6
1155 { 1155 {
1156 int c; 1156 int c;
1157 int l = 1; 1157 int l = 1;
1158 char_u *p = *pp; 1158 char_u *p = *pp;
1159 1159
1160 if (p[1] == '.') 1160 if (p[0] != NUL && p[1] == '.')
1161 { 1161 {
1162 #ifdef FEAT_MBYTE 1162 #ifdef FEAT_MBYTE
1163 if (has_mbyte) 1163 if (has_mbyte)
1164 l = (*mb_ptr2len)(p + 2); 1164 l = (*mb_ptr2len)(p + 2);
1165 #endif 1165 #endif
1226 p += 2; 1226 p += 2;
1227 else if (*p == '[') 1227 else if (*p == '[')
1228 { 1228 {
1229 if (get_char_class(&p) == CLASS_NONE 1229 if (get_char_class(&p) == CLASS_NONE
1230 && get_equi_class(&p) == 0 1230 && get_equi_class(&p) == 0
1231 && get_coll_element(&p) == 0) 1231 && get_coll_element(&p) == 0
1232 ++p; /* It was not a class name */ 1232 && *p != NUL)
1233 ++p; /* it is not a class name and not NUL */
1233 } 1234 }
1234 else 1235 else
1235 ++p; 1236 ++p;
1236 } 1237 }
1237 1238
3154 ) 3155 )
3155 { 3156 {
3156 /* 3157 /*
3157 * META contains everything that may be magic sometimes, 3158 * META contains everything that may be magic sometimes,
3158 * except ^ and $ ("\^" and "\$" are only magic after 3159 * except ^ and $ ("\^" and "\$" are only magic after
3159 * "\v"). We now fetch the next character and toggle its 3160 * "\V"). We now fetch the next character and toggle its
3160 * magicness. Therefore, \ is so meta-magic that it is 3161 * magicness. Therefore, \ is so meta-magic that it is
3161 * not in META. 3162 * not in META.
3162 */ 3163 */
3163 curchr = -1; 3164 curchr = -1;
3164 prev_at_start = at_start; 3165 prev_at_start = at_start;