vim: src/getchar.c comparison

comparison src/getchar.c @ 9898:bff8a09016a5 v7.4.2223

commit https://github.com/vim/vim/commit/d3c907b5d2b352482b580a0cf687cbbea4c19ea1 Author: Bram Moolenaar <Bram@vim.org> Date: Wed Aug 17 21:32:09 2016 +0200 patch 7.4.2223 Problem: Buffer overflow when using latin1 character with feedkeys(). Solution: Check for an illegal character. Add a test.

author	Christian Brabandt <cb@256bit.org>
date	Wed, 17 Aug 2016 21:45:07 +0200
parents	7b39615c0db1
children	b222552cf0c4

comparison

equal deleted inserted replaced

-:9d1354639a36
+:bff8a09016a5
 char_u *p)
 {
 char_u	*res;
 char_u	*s, *d;
-/* Need a buffer to hold up to three times as much. */
+/* Need a buffer to hold up to three times as much.  Four in case of an
-res = alloc((unsigned)(STRLEN(p) * 3) + 1);
+* illegal utf-8 byte:
+* 0xc0 -> 0xc3 0x80 -> 0xc3 K_SPECIAL KS_SPECIAL KE_FILLER */
+res = alloc((unsigned)(STRLEN(p) *
+#ifdef FEAT_MBYTE
+			4
+#else
+			3
+#endif
+			    ) + 1);
 if (res != NULL)
 {
 	d = res;
 	for (s = p; *s != NUL; )
 	{
 		*d++ = *s++;
 		*d++ = *s++;
 	    }
 	    else
 	    {
-#ifdef FEAT_MBYTE
-		int len  = mb_char2len(PTR2CHAR(s));
-		int len2 = mb_ptr2len(s);
-#endif
 		/* Add character, possibly multi-byte to destination, escaping
-		 * CSI and K_SPECIAL. */
+		 * CSI and K_SPECIAL. Be careful, it can be an illegal byte! */
 		d = add_char2buf(PTR2CHAR(s), d);
-#ifdef FEAT_MBYTE
+		s += MB_CPTR2LEN(s);
-		while (len < len2)
-		{
-		    /* add following combining char */
-		    d = add_char2buf(PTR2CHAR(s + len), d);
-		    len += mb_char2len(PTR2CHAR(s + len));
-		}
-#endif
-		mb_ptr_adv(s);
 	    }
 	}
 	*d = NUL;
 }
 return res;

Mercurial > vim

comparison src/getchar.c @ 9898:bff8a09016a5 v7.4.2223