Mercurial > vim

changeset 11018:654fc5636b37 v8.0.0398

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.0.0398: illegal memory access with "t" commit https://github.com/vim/vim/commit/66727e16079fbac6db3897b5c3736ec9fba995bb Author: Bram Moolenaar <Bram@vim.org> Date: Wed Mar 1 22:17:05 2017 +0100 patch 8.0.0398: illegal memory access with "t" Problem: Illegal memory access with "t". Solution: Use strncmp() instead of memcmp(). (Dominique Pelle, closes https://github.com/vim/vim/issues/1528)
author Christian Brabandt <cb@256bit.org>
date Wed, 01 Mar 2017 22:30:04 +0100
parents da1cbfa57265
children 05daa23e1ecf
files src/search.c src/testdir/test_search.vim src/version.c
diffstat 3 files changed, 11 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/search.c
+++ b/src/search.c
@@ -1693,12 +1693,9 @@ searchc(cmdarg_T *cap, int t_cmd)
 		    if (p[col] == c && stop)
 			break;
 		}
-		else
-		{
-		    if (memcmp(p + col, lastc_bytes, lastc_bytelen) == 0
+		else if (STRNCMP(p + col, lastc_bytes, lastc_bytelen) == 0
 								       && stop)
-			break;
-		}
+		    break;
 		stop = TRUE;
 	    }
 	}
--- a/src/testdir/test_search.vim
+++ b/src/testdir/test_search.vim
@@ -294,3 +294,10 @@ func Test_searchpair()
   q!
 endfunc
 
+func Test_searchc()
+  " These commands used to cause memory overflow in searchc().
+  new
+  norm ixx
+  exe "norm 0t\u93cf"
+  bw!
+endfunc
--- a/src/version.c
+++ b/src/version.c
@@ -765,6 +765,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    398,
+/**/
     397,
 /**/
     396,