changeset 21975:2030f8267db9 v8.2.1537

patch 8.2.1537: memory access error when using setcellwidths() Commit: https://github.com/vim/vim/commit/b06a6d59d12dbd67d55b3c46f6e5547e9103c931 Author: Bram Moolenaar <Bram@vim.org> Date: Fri Aug 28 23:27:20 2020 +0200 patch 8.2.1537: memory access error when using setcellwidths() Problem: Memory access error when using setcellwidths(). Solution: Use array and pointers correctly.
author Bram Moolenaar <Bram@vim.org>
date Fri, 28 Aug 2020 23:30:04 +0200
parents de098496c33f
children 262d7ee2992c
files src/errors.h src/mbyte.c src/testdir/test_utf8.vim src/version.c
diffstat 4 files changed, 13 insertions(+), 10 deletions(-) [+]
--- a/src/errors.h
+++ b/src/errors.h
@@ -247,7 +247,7 @@ EXTERN char e_list_item_nr_range_invalid
 EXTERN char e_list_item_nr_cell_width_invalid[]
 	INIT(= N_("E1112: List item %d cell width invalid"));
 EXTERN char e_overlapping_ranges_for_nr[]
-	INIT(= N_("E1113: Overlapping ranges for %lx"));
+	INIT(= N_("E1113: Overlapping ranges for 0x%lx"));
 EXTERN char e_only_values_of_0x100_and_higher_supported[]
 	INIT(= N_("E1114: Only values of 0x100 and higher supported"));
 #endif
--- a/src/mbyte.c
+++ b/src/mbyte.c
@@ -5421,8 +5421,8 @@ cw_value(int c)
     static int
 tv_nr_compare(const void *a1, const void *a2)
 {
-    listitem_T *li1 = (listitem_T *)a1;
-    listitem_T *li2 = (listitem_T *)a2;
+    listitem_T *li1 = *(listitem_T **)a1;
+    listitem_T *li2 = *(listitem_T **)a2;
 
     return li1->li_tv.vval.v_number - li2->li_tv.vval.v_number;
 }
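Review bot: The return statement of tv_nr_compare still narrows the difference of two `v_number` values to `int`, so for script-supplied numbers that are far enough apart the result can wrap and report the wrong order to the sort; the corrected dereference above does not change that. The width of varnumber_T is not visible in this hunk, but if it is wider than int the comparator should compare rather than subtract, e.g. `return n1 < n2 ? -1 : n1 > n2;` with `n1` and `n2` holding the two `li_tv.vval.v_number` values. The later table-building loop reads the sorted pointers in order, so a mis-sorted array would hand it ranges out of sequence. The casts also discard the const of `a1`/`a2`; `*(listitem_T *const *)a1` keeps it.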
@@ -5470,8 +5470,10 @@ f_setcellwidths(typval_T *argvars, typva
 	    vim_free(ptrs);
 	    return;
 	}
-	for (lili = li->li_tv.vval.v_list->lv_first, i = 0; lili != NULL;
-						     lili = lili->li_next, ++i)
+
+	lili = li->li_tv.vval.v_list->lv_first;
+	ptrs[item] = lili;
+	for (i = 0; lili != NULL; lili = lili->li_next, ++i)
 	{
 	    if (lili->li_tv.v_type != VAR_NUMBER)
 		break;
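Review bot: `ptrs[item] = lili;` stores the sub-list's first item before the loop below has checked that its entries are numbers, and nothing in the hunk says why the pointer is kept. The error returns visible here free `ptrs`, so this looks safe, but a comment would help the next reader, e.g. `// Remember the first item of this sub-list; ptrs[] is sorted and read back when the table is built.` It is also worth confirming that the check above this hunk (not visible) rejects an empty sub-list, since `lili` would then be NULL and both tv_nr_compare and the later table loop dereference `ptrs[item]` without a NULL test. f_setcellwidths starts and ends outside the hunk.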
@@ -5505,7 +5507,7 @@ f_setcellwidths(typval_T *argvars, typva
 	    vim_free(ptrs);
 	    return;
 	}
-	ptrs[item++] = lili;
+	++item;
     }
 
     // Sort the list on the first number.
@@ -5520,9 +5522,9 @@ f_setcellwidths(typval_T *argvars, typva
 
     // Store the items in the new table.
     item = 0;
-    for (li = l->lv_first; li != NULL; li = li->li_next)
+    for (item = 0; item < l->lv_len; ++item)
     {
-	listitem_T	*lili = li->li_tv.vval.v_list->lv_first;
+	listitem_T	*lili = ptrs[item];
 	varnumber_T	n1;
 
 	n1 = lili->li_tv.vval.v_number;
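Review bot: The context line `item = 0;` just above the rewritten loop is now redundant, because the new `for (item = 0; item < l->lv_len; ++item)` initialises it again; the standalone statement can be deleted. The bound `l->lv_len` also relies on every slot of `ptrs` having been filled by the first loop, which holds only if each early exit there returns before this point; the two returns visible in the earlier hunks do, but the rest of the function is outside the hunk. A short comment such as `// ptrs[] is now sorted on the first number of each sub-list` would make the dependency on the sort explicit.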
@@ -5538,7 +5540,6 @@ f_setcellwidths(typval_T *argvars, typva
 	table[item].last = lili->li_tv.vval.v_number;
 	lili = lili->li_next;
 	table[item].width = lili->li_tv.vval.v_number;
-	++item;
     }
 
     vim_free(ptrs);
--- a/src/testdir/test_utf8.vim
+++ b/src/testdir/test_utf8.vim
@@ -148,8 +148,8 @@ endfunc
 func Test_setcellwidths()
   call setcellwidths([
         \ [0x1330, 0x1330, 2],
+        \ [9999, 10000, 1],
         \ [0x1337, 0x1339, 2],
-        \ [9999, 10000, 1],
         \])
 
   call assert_equal(2, strwidth("\u1330"))
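Review bot: The reordered input is what exercises the sorting fix, but nothing in Test_setcellwidths says the order is deliberate, so a later tidy-up could put the ranges back in ascending order and silently drop the regression coverage. A comment above the `setcellwidths()` call would prevent that, e.g. `" The ranges are intentionally not in ascending order, to exercise the sort.` The test continues outside the hunk, so whether it also covers the overlapping-ranges error, whose message this commit changes, cannot be seen from here.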
--- a/src/version.c
+++ b/src/version.c
@@ -755,6 +755,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1537,
+/**/
     1536,
 /**/
     1535,