Mercurial > vim

comparison src/spell.c @ 9898:bff8a09016a5 v7.4.2223

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
commit https://github.com/vim/vim/commit/d3c907b5d2b352482b580a0cf687cbbea4c19ea1 Author: Bram Moolenaar <Bram@vim.org> Date: Wed Aug 17 21:32:09 2016 +0200 patch 7.4.2223 Problem: Buffer overflow when using latin1 character with feedkeys(). Solution: Check for an illegal character. Add a test.
author Christian Brabandt <cb@256bit.org>
date Wed, 17 Aug 2016 21:45:07 +0200
parents fd9727ae3c49
children 9560a2eb7968
comparison
equal deleted inserted replaced
9897:9d1354639a36 9898:bff8a09016a5
5377 } 5377 }
5378 5378
5379 #ifdef FEAT_MBYTE 5379 #ifdef FEAT_MBYTE
5380 if (has_mbyte) 5380 if (has_mbyte)
5381 { 5381 {
5382 n = mb_cptr2len(p); 5382 n = MB_CPTR2LEN(p);
5383 c = mb_ptr2char(p); 5383 c = mb_ptr2char(p);
5384 if (p[n] == NUL) 5384 if (p[n] == NUL)
5385 c2 = NUL; 5385 c2 = NUL;
5386 else if (!soundfold && !spell_iswordp(p + n, curwin)) 5386 else if (!soundfold && !spell_iswordp(p + n, curwin))
5387 c2 = c; /* don't swap non-word char */ 5387 c2 = c; /* don't swap non-word char */
5475 * "fword" here, it's changed back afterwards at STATE_UNSWAP3. */ 5475 * "fword" here, it's changed back afterwards at STATE_UNSWAP3. */
5476 p = fword + sp->ts_fidx; 5476 p = fword + sp->ts_fidx;
5477 #ifdef FEAT_MBYTE 5477 #ifdef FEAT_MBYTE
5478 if (has_mbyte) 5478 if (has_mbyte)
5479 { 5479 {
5480 n = mb_cptr2len(p); 5480 n = MB_CPTR2LEN(p);
5481 c = mb_ptr2char(p); 5481 c = mb_ptr2char(p);
5482 fl = mb_cptr2len(p + n); 5482 fl = MB_CPTR2LEN(p + n);
5483 c2 = mb_ptr2char(p + n); 5483 c2 = mb_ptr2char(p + n);
5484 if (!soundfold && !spell_iswordp(p + n + fl, curwin)) 5484 if (!soundfold && !spell_iswordp(p + n + fl, curwin))
5485 c3 = c; /* don't swap non-word char */ 5485 c3 = c; /* don't swap non-word char */
5486 else 5486 else
5487 c3 = mb_ptr2char(p + n + fl); 5487 c3 = mb_ptr2char(p + n + fl);
5594 ++depth; 5594 ++depth;
5595 p = fword + sp->ts_fidx; 5595 p = fword + sp->ts_fidx;
5596 #ifdef FEAT_MBYTE 5596 #ifdef FEAT_MBYTE
5597 if (has_mbyte) 5597 if (has_mbyte)
5598 { 5598 {
5599 n = mb_cptr2len(p); 5599 n = MB_CPTR2LEN(p);
5600 c = mb_ptr2char(p); 5600 c = mb_ptr2char(p);
5601 fl = mb_cptr2len(p + n); 5601 fl = MB_CPTR2LEN(p + n);
5602 fl += mb_cptr2len(p + n + fl); 5602 fl += MB_CPTR2LEN(p + n + fl);
5603 mch_memmove(p, p + n, fl); 5603 mch_memmove(p, p + n, fl);
5604 mb_char2bytes(c, p + fl); 5604 mb_char2bytes(c, p + fl);
5605 stack[depth].ts_fidxtry = sp->ts_fidx + n + fl; 5605 stack[depth].ts_fidxtry = sp->ts_fidx + n + fl;
5606 } 5606 }
5607 else 5607 else
5659 ++depth; 5659 ++depth;
5660 p = fword + sp->ts_fidx; 5660 p = fword + sp->ts_fidx;
5661 #ifdef FEAT_MBYTE 5661 #ifdef FEAT_MBYTE
5662 if (has_mbyte) 5662 if (has_mbyte)
5663 { 5663 {
5664 n = mb_cptr2len(p); 5664 n = MB_CPTR2LEN(p);
5665 n += mb_cptr2len(p + n); 5665 n += MB_CPTR2LEN(p + n);
5666 c = mb_ptr2char(p + n); 5666 c = mb_ptr2char(p + n);
5667 tl = mb_cptr2len(p + n); 5667 tl = MB_CPTR2LEN(p + n);
5668 mch_memmove(p + tl, p, n); 5668 mch_memmove(p + tl, p, n);
5669 mb_char2bytes(c, p); 5669 mb_char2bytes(c, p);
5670 stack[depth].ts_fidxtry = sp->ts_fidx + n + tl; 5670 stack[depth].ts_fidxtry = sp->ts_fidx + n + tl;
5671 } 5671 }
5672 else 5672 else
5953 * round[depth] == 2: Try using the upper-case character. 5953 * round[depth] == 2: Try using the upper-case character.
5954 */ 5954 */
5955 #ifdef FEAT_MBYTE 5955 #ifdef FEAT_MBYTE
5956 if (has_mbyte) 5956 if (has_mbyte)
5957 { 5957 {
5958 flen = mb_cptr2len(fword + fwordidx[depth]); 5958 flen = MB_CPTR2LEN(fword + fwordidx[depth]);
5959 ulen = mb_cptr2len(uword + uwordidx[depth]); 5959 ulen = MB_CPTR2LEN(uword + uwordidx[depth]);
5960 } 5960 }
5961 else 5961 else
5962 #endif 5962 #endif
5963 ulen = flen = 1; 5963 ulen = flen = 1;
5964 if (round[depth] == 1) 5964 if (round[depth] == 1)