Mercurial > vim
diff src/misc2.c @ 13092:d5647746c267 v8.0.1421
patch 8.0.1421: accessing invalid memory with overlong byte sequence
commit https://github.com/vim/vim/commit/e6640ad44e2186bd3642b972115496d347cd1fdd
Author: Bram Moolenaar <Bram@vim.org>
Date: Fri Dec 22 21:06:56 2017 +0100
patch 8.0.1421: accessing invalid memory with overlong byte sequence
Problem: Accessing invalid memory with overlong byte sequence.
Solution: Check for NUL character. (test by Dominique Pelle, closes https://github.com/vim/vim/issues/2485)
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Fri, 22 Dec 2017 21:15:05 +0100 |
parents | 25ab78f14c8b |
children | 7ab8c5983983 |
line wrap: on
line diff
--- a/src/misc2.c +++ b/src/misc2.c @@ -1622,11 +1622,17 @@ strup_save(char_u *orig) char_u *s; c = utf_ptr2char(p); + l = utf_ptr2len(p); + if (c == 0) + { + /* overlong sequence, use only the first byte */ + c = *p; + l = 1; + } uc = utf_toupper(c); /* Reallocate string when byte count changes. This is rare, * thus it's OK to do another malloc()/free(). */ - l = utf_ptr2len(p); newl = utf_char2len(uc); if (newl != l) { @@ -1685,11 +1691,17 @@ strlow_save(char_u *orig) char_u *s; c = utf_ptr2char(p); + l = utf_ptr2len(p); + if (c == 0) + { + /* overlong sequence, use only the first byte */ + c = *p; + l = 1; + } lc = utf_tolower(c); /* Reallocate string when byte count changes. This is rare, * thus it's OK to do another malloc()/free(). */ - l = utf_ptr2len(p); newl = utf_char2len(lc); if (newl != l) {