Mercurial > vim
annotate runtime/syntax/reva.vim @ 33865:8cdb69ea3711 v9.0.2143
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Commit: https://github.com/vim/vim/commit/abfa13ebe92d81aaf66669c428d767847b577453
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Nov 30 11:32:18 2023 +0100
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Problem: [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating
When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer
beyond it's size, leading to a buffer-overlow.
So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.
Reported by @henices, thanks!
closes: #13596
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sun, 10 Dec 2023 15:16:05 +0100 |
parents | 03b854983b14 |
children |
rev | line source |
---|---|
1620 | 1 " Vim syntax file |
2 " Language: Reva Forth | |
3371 | 3 " Version: 2011.2 |
18186 | 4 " Last Change: 2019 Sep 27 |
1620 | 5 " Maintainer: Ron Aaron <ron@ronware.org> |
6 " URL: http://ronware.org/reva/ | |
3371 | 7 " Filetypes: *.rf *.frt |
1620 | 8 " NOTE: You should also have the ftplugin/reva.vim file to set 'isk' |
9 | |
10048
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
3371
diff
changeset
|
10 " quit when a syntax file was already loaded |
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
3371
diff
changeset
|
11 if exists("b:current_syntax") |
1620 | 12 finish |
13 endif | |
14 | |
3371 | 15 let s:cpo_save = &cpo |
16 set cpo&vim | |
17 | |
1620 | 18 syn clear |
19 | |
20 " Synchronization method | |
3371 | 21 syn sync ccomment |
1620 | 22 syn sync maxlines=100 |
23 | |
24 | |
25 syn case ignore | |
26 " Some special, non-FORTH keywords | |
27 "syn keyword revaTodo contained todo fixme bugbug todo: bugbug: note: | |
28 syn match revaTodo contained '\(todo\|fixme\|bugbug\|note\)[:]*' | |
29 syn match revaTodo contained 'copyright\(\s(c)\)\=\(\s[0-9]\{2,4}\)\=' | |
30 | |
31 syn match revaHelpDesc '\S.*' contained | |
32 syn match revaHelpStuff '\<\(def\|stack\|ctx\|ver\|os\|related\):\s.*' | |
33 syn region revaHelpStuff start='\<desc:\>' end='^\S' contains=revaHelpDesc | |
34 syn region revaEOF start='\<|||\>' end='{$}' contains=revaHelpStuff | |
35 | |
36 | |
37 syn case match | |
38 " basic mathematical and logical operators | |
39 syn keyword revaoperators + - * / mod /mod negate abs min max umin umax | |
3371 | 40 syn keyword revaoperators and or xor not invert 1+ 1- |
1620 | 41 syn keyword revaoperators m+ */ */mod m* um* m*/ um/mod fm/mod sm/rem |
42 syn keyword revaoperators d+ d- dnegate dabs dmin dmax > < = >> << u< <> | |
43 | |
44 | |
45 " stack manipulations | |
46 syn keyword revastack drop nip dup over tuck swap rot -rot ?dup pick roll | |
47 syn keyword revastack 2drop 2nip 2dup 2over 2swap 2rot 3drop | |
48 syn keyword revastack >r r> r@ rdrop | |
49 " syn keyword revastack sp@ sp! rp@ rp! | |
50 | |
51 " address operations | |
52 syn keyword revamemory @ ! +! c@ c! 2@ 2! align aligned allot allocate here free resize | |
53 syn keyword revaadrarith chars char+ cells cell+ cell cell- 2cell+ 2cell- 3cell+ 4cell+ | |
3371 | 54 syn keyword revamemblks move fill |
1620 | 55 |
56 " conditionals | |
3371 | 57 syn keyword revacond if else then =if >if <if <>if if0 ;; catch throw |
1620 | 58 |
59 " iterations | |
60 syn keyword revaloop while repeat until again | |
61 syn keyword revaloop do loop i j leave unloop skip more | |
62 | |
63 " new words | |
64 syn match revaColonDef '\<noname:\|\<:\s+' contains=revaComment | |
65 syn keyword revaEndOfColonDef ; ;inline | |
66 syn keyword revadefine constant constant, variable create variable, | |
3371 | 67 syn keyword revadefine user value to +to defer! defer@ defer is does> immediate |
1620 | 68 syn keyword revadefine compile literal ' ['] |
69 | |
70 " Built in words | |
71 com! -nargs=+ Builtin syn keyword revaBuiltin <args> | |
72 Builtin execute ahead interp bye >body here pad words make | |
73 Builtin accept close cr creat delete ekey emit fsize ioerr key? | |
3371 | 74 Builtin mtime open/r open/rw read rename seek space spaces stat |
1620 | 75 Builtin tell type type_ write (seek) (argv) (save) 0; 0drop; |
76 Builtin >class >lz >name >xt alias alias: appname argc asciiz, asciizl, | |
77 Builtin body> clamp depth disassemble findprev fnvhash getenv here, | |
3371 | 78 Builtin iterate last! last@ later link lz> lzmax os parse/ peek |
1620 | 79 Builtin peek-n pop prior push put rp@ rpick save setenv slurp |
80 Builtin stack-empty? stack-iterate stack-size stack: THROW_BADFUNC | |
81 Builtin THROW_BADLIB THROW_GENERIC used xt>size z, | |
82 Builtin +lplace +place -chop /char /string bounds c+lplace c+place | |
83 Builtin chop cmp cmpi count lc lcount lplace place quote rsplit search split | |
84 Builtin zcount zt \\char | |
85 Builtin chdir g32 k32 u32 getcwd getpid hinst osname stdin stdout | |
86 Builtin (-lib) (bye) (call) (else) (find) (func) (here) (if (lib) (s0) (s^) | |
87 Builtin (to~) (while) >in >rel ?literal appstart cold compiling? context? d0 default_class | |
88 Builtin defer? dict dolstr dostr find-word h0 if) interp isa onexit | |
3371 | 89 Builtin onstartup pdoes pop>ebx prompt rel> rp0 s0 src srcstr state str0 then,> then> tib |
1620 | 90 Builtin tp vector vector! word? xt? .ver revaver revaver# && '' 'constant 'context |
91 Builtin 'create 'defer 'does 'forth 'inline 'macro 'macront 'notail 'value 'variable | |
92 Builtin (.r) (context) (create) (header) (hide) (inline) (p.r) (words~) (xfind) | |
93 Builtin ++ -- , -2drop -2nip -link -swap . .2x .classes .contexts .funcs .libs .needs .r | |
94 Builtin .rs .x 00; 0do 0if 1, 2, 3, 2* 2/ 2constant 2variable 3dup 4dup ;then >base >defer | |
95 Builtin >rr ? ?do @execute @rem appdir argv as back base base! between chain cleanup-libs | |
3371 | 96 Builtin cmove> context?? ctrl-c ctx>name data: defer: defer@def dictgone do_cr eleave |
97 Builtin endcase endof eval exception exec false find func: header heapgone help help/ | |
1620 | 98 Builtin hex# hide inline{ last lastxt lib libdir literal, makeexename mnotail ms ms@ |
3371 | 99 Builtin newclass noop nosavedict notail nul of off on p: padchar parse parseln |
100 Builtin parsews rangeof rdepth remains reset reva revaused rol8 rr> scratch setclass sp | |
1620 | 101 Builtin strof super> temp time&date true turnkey? undo vfunc: w! w@ |
102 Builtin xchg xchg2 xfind xt>name xwords { {{ }} } _+ _1+ _1- pathsep case \|| | |
3371 | 103 " p[ [''] [ ['] |
1620 | 104 |
105 | |
106 " debugging | |
107 syn keyword revadebug .s dump see | |
108 | |
109 " basic character operations | |
110 " syn keyword revaCharOps (.) CHAR EXPECT FIND WORD TYPE -TRAILING EMIT KEY | |
111 " syn keyword revaCharOps KEY? TIB CR | |
112 " syn match revaCharOps '\<char\s\S\s' | |
113 " syn match revaCharOps '\<\[char\]\s\S\s' | |
114 " syn region revaCharOps start=+."\s+ skip=+\\"+ end=+"+ | |
115 | |
116 " char-number conversion | |
3371 | 117 syn keyword revaconversion s>d >digit digit> >single >double >number >float |
1620 | 118 |
119 " contexts | |
3371 | 120 syn keyword revavocs forth macro inline |
121 syn keyword revavocs context: | |
1620 | 122 syn match revavocs /\<\~[^~ ]*/ |
123 syn match revavocs /[^~ ]*\~\>/ | |
124 | |
125 " numbers | |
126 syn keyword revamath decimal hex base binary octal | |
127 syn match revainteger '\<-\=[0-9.]*[0-9.]\+\>' | |
128 " recognize hex and binary numbers, the '$' and '%' notation is for greva | |
129 syn match revainteger '\<\$\x*\x\+\>' " *1* --- dont't mess | |
130 syn match revainteger '\<\x*\d\x*\>' " *2* --- this order! | |
131 syn match revainteger '\<%[0-1]*[0-1]\+\>' | |
132 syn match revainteger "\<'.\>" | |
133 | |
134 " Strings | |
135 " syn region revaString start=+\.\?\"+ end=+"+ end=+$+ | |
3371 | 136 syn region revaString start=/"/ skip=/\\"/ end=/"/ |
1620 | 137 |
138 " Comments | |
139 syn region revaComment start='\\S\s' end='.*' contains=revaTodo | |
140 syn match revaComment '\.(\s[^)]\{-})' contains=revaTodo | |
141 syn region revaComment start='(\s' skip='\\)' end=')' contains=revaTodo | |
142 syn match revaComment '(\s[^\-]*\-\-[^\-]\{-})' contains=revaTodo | |
143 syn match revaComment '\<|\s.*$' contains=revaTodo | |
144 syn match revaColonDef '\<:m\?\s*[^ \t]\+\>' contains=revaComment | |
145 | |
146 " Include files | |
147 syn match revaInclude '\<\(include\|needs\)\s\+\S\+' | |
148 | |
149 | |
150 " Define the default highlighting. | |
151 if !exists("did_reva_syntax_inits") | |
152 let did_reva_syntax_inits=1 | |
18186 | 153 " The default methods for highlighting. Can be overridden later. |
1620 | 154 hi def link revaEOF cIf0 |
155 hi def link revaHelpStuff special | |
156 hi def link revaHelpDesc Comment | |
157 hi def link revaTodo Todo | |
158 hi def link revaOperators Operator | |
159 hi def link revaMath Number | |
160 hi def link revaInteger Number | |
161 hi def link revaStack Special | |
162 hi def link revaFStack Special | |
163 hi def link revaSP Special | |
164 hi def link revaMemory Operator | |
165 hi def link revaAdrArith Function | |
166 hi def link revaMemBlks Function | |
167 hi def link revaCond Conditional | |
168 hi def link revaLoop Repeat | |
169 hi def link revaColonDef Define | |
170 hi def link revaEndOfColonDef Define | |
171 hi def link revaDefine Define | |
172 hi def link revaDebug Debug | |
173 hi def link revaCharOps Character | |
174 hi def link revaConversion String | |
175 hi def link revaForth Statement | |
176 hi def link revaVocs Statement | |
177 hi def link revaString String | |
178 hi def link revaComment Comment | |
179 hi def link revaClassDef Define | |
180 hi def link revaEndOfClassDef Define | |
181 hi def link revaObjectDef Define | |
182 hi def link revaEndOfObjectDef Define | |
183 hi def link revaInclude Include | |
184 hi def link revaBuiltin Keyword | |
185 endif | |
186 | |
187 let b:current_syntax = "reva" | |
3371 | 188 let &cpo = s:cpo_save |
189 unlet s:cpo_save | |
1620 | 190 |
191 " vim: ts=8:sw=4:nocindent:smartindent: |