Mercurial > vim
annotate runtime/syntax/sqlinformix.vim @ 33865:8cdb69ea3711 v9.0.2143
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Commit: https://github.com/vim/vim/commit/abfa13ebe92d81aaf66669c428d767847b577453
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Nov 30 11:32:18 2023 +0100
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Problem: [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating
When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer
beyond it's size, leading to a buffer-overlow.
So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.
Reported by @henices, thanks!
closes: #13596
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sun, 10 Dec 2023 15:16:05 +0100 |
parents | d46f974fd69e |
children |
rev | line source |
---|---|
22 | 1 " Vim syntax file |
2 " Informix Structured Query Language (SQL) and Stored Procedure Language (SPL) | |
3 " Language: SQL, SPL (Informix Dynamic Server 2000 v9.2) | |
4 " Maintainer: Dean Hill <dhill@hotmail.com> | |
5 " Last Change: 2004 Aug 30 | |
6 | |
10048
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
22
diff
changeset
|
7 " quit when a syntax file was already loaded |
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
22
diff
changeset
|
8 if exists("b:current_syntax") |
22 | 9 finish |
10 endif | |
11 | |
12 syn case ignore | |
13 | |
14 | |
15 | |
16 " === Comment syntax group === | |
17 syn region sqlComment start="{" end="}" contains=sqlTodo | |
18 syn match sqlComment "--.*$" contains=sqlTodo | |
19 syn sync ccomment sqlComment | |
20 | |
21 | |
22 | |
23 " === Constant syntax group === | |
24 " = Boolean subgroup = | |
25 syn keyword sqlBoolean true false | |
26 syn keyword sqlBoolean null | |
27 syn keyword sqlBoolean public user | |
28 syn keyword sqlBoolean current today | |
29 syn keyword sqlBoolean year month day hour minute second fraction | |
30 | |
31 " = String subgroup = | |
32 syn region sqlString start=+"+ end=+"+ | |
33 syn region sqlString start=+'+ end=+'+ | |
34 | |
35 " = Numbers subgroup = | |
36 syn match sqlNumber "-\=\<\d*\.\=[0-9_]\>" | |
37 | |
38 | |
39 | |
40 " === Statement syntax group === | |
41 " SQL | |
42 syn keyword sqlStatement allocate alter | |
43 syn keyword sqlStatement begin | |
44 syn keyword sqlStatement close commit connect create | |
45 syn keyword sqlStatement database deallocate declare delete describe disconnect drop | |
46 syn keyword sqlStatement execute fetch flush free get grant info insert | |
47 syn keyword sqlStatement load lock open output | |
48 syn keyword sqlStatement prepare put | |
49 syn keyword sqlStatement rename revoke rollback select set start stop | |
50 syn keyword sqlStatement truncate unload unlock update | |
51 syn keyword sqlStatement whenever | |
52 " SPL | |
53 syn keyword sqlStatement call continue define | |
54 syn keyword sqlStatement exit | |
55 syn keyword sqlStatement let | |
56 syn keyword sqlStatement return system trace | |
57 | |
58 " = Conditional subgroup = | |
59 " SPL | |
60 syn keyword sqlConditional elif else if then | |
61 syn keyword sqlConditional case | |
62 " Highlight "end if" with one or more separating spaces | |
63 syn match sqlConditional "end \+if" | |
64 | |
65 " = Repeat subgroup = | |
66 " SQL/SPL | |
67 " Handle SQL triggers' "for each row" clause and SPL "for" loop | |
68 syn match sqlRepeat "for\( \+each \+row\)\=" | |
69 " SPL | |
70 syn keyword sqlRepeat foreach while | |
71 " Highlight "end for", etc. with one or more separating spaces | |
72 syn match sqlRepeat "end \+for" | |
73 syn match sqlRepeat "end \+foreach" | |
74 syn match sqlRepeat "end \+while" | |
75 | |
76 " = Exception subgroup = | |
77 " SPL | |
78 syn match sqlException "on \+exception" | |
79 syn match sqlException "end \+exception" | |
80 syn match sqlException "end \+exception \+with \+resume" | |
81 syn match sqlException "raise \+exception" | |
82 | |
83 " = Keyword subgroup = | |
84 " SQL | |
85 syn keyword sqlKeyword aggregate add as authorization autofree by | |
86 syn keyword sqlKeyword cache cascade check cluster collation | |
87 syn keyword sqlKeyword column connection constraint cross | |
88 syn keyword sqlKeyword dataskip debug default deferred_prepare | |
89 syn keyword sqlKeyword descriptor diagnostics | |
90 syn keyword sqlKeyword each escape explain external | |
91 syn keyword sqlKeyword file foreign fragment from function | |
92 syn keyword sqlKeyword group having | |
93 syn keyword sqlKeyword immediate index inner into isolation | |
94 syn keyword sqlKeyword join key | |
95 syn keyword sqlKeyword left level log | |
96 syn keyword sqlKeyword mode modify mounting new no | |
97 syn keyword sqlKeyword object of old optical option | |
98 syn keyword sqlKeyword optimization order outer | |
99 syn keyword sqlKeyword pdqpriority pload primary procedure | |
100 syn keyword sqlKeyword references referencing release reserve | |
101 syn keyword sqlKeyword residency right role routine row | |
102 syn keyword sqlKeyword schedule schema scratch session set | |
103 syn keyword sqlKeyword statement statistics synonym | |
104 syn keyword sqlKeyword table temp temporary timeout to transaction trigger | |
105 syn keyword sqlKeyword using values view violations | |
106 syn keyword sqlKeyword where with work | |
107 " Highlight "on" (if it's not followed by some words we've already handled) | |
108 syn match sqlKeyword "on \+\(exception\)\@!" | |
109 " SPL | |
110 " Highlight "end" (if it's not followed by some words we've already handled) | |
111 syn match sqlKeyword "end \+\(if\|for\|foreach\|while\|exception\)\@!" | |
112 syn keyword sqlKeyword resume returning | |
113 | |
114 " = Operator subgroup = | |
115 " SQL | |
116 syn keyword sqlOperator not and or | |
117 syn keyword sqlOperator in is any some all between exists | |
118 syn keyword sqlOperator like matches | |
119 syn keyword sqlOperator union intersect | |
120 syn keyword sqlOperator distinct unique | |
121 | |
122 | |
123 | |
124 " === Identifier syntax group === | |
125 " = Function subgroup = | |
126 " SQL | |
127 syn keyword sqlFunction abs acos asin atan atan2 avg | |
128 syn keyword sqlFunction cardinality cast char_length character_length cos count | |
129 syn keyword sqlFunction exp filetoblob filetoclob hex | |
130 syn keyword sqlFunction initcap length logn log10 lower lpad | |
131 syn keyword sqlFunction min max mod octet_length pow range replace root round rpad | |
132 syn keyword sqlFunction sin sqrt stdev substr substring sum | |
133 syn keyword sqlFunction to_char tan to_date trim trunc upper variance | |
134 | |
135 | |
136 | |
137 " === Type syntax group === | |
138 " SQL | |
139 syn keyword sqlType blob boolean byte char character clob | |
140 syn keyword sqlType date datetime dec decimal double | |
141 syn keyword sqlType float int int8 integer interval list lvarchar | |
142 syn keyword sqlType money multiset nchar numeric nvarchar | |
143 syn keyword sqlType real serial serial8 smallfloat smallint | |
144 syn keyword sqlType text varchar varying | |
145 | |
146 | |
147 | |
148 " === Todo syntax group === | |
149 syn keyword sqlTodo TODO FIXME XXX DEBUG NOTE | |
150 | |
151 | |
152 | |
153 " Define the default highlighting. | |
10048
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
22
diff
changeset
|
154 " Only when an item doesn't have highlighting yet |
22 | 155 |
156 | |
10048
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
22
diff
changeset
|
157 " === Comment syntax group === |
10051
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
158 hi def link sqlComment Comment |
22 | 159 |
10048
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
22
diff
changeset
|
160 " === Constant syntax group === |
10051
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
161 hi def link sqlNumber Number |
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
162 hi def link sqlBoolean Boolean |
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
163 hi def link sqlString String |
22 | 164 |
32974
d46f974fd69e
runtime: Fix typos in various files
Christian Brabandt <cb@256bit.org>
parents:
10051
diff
changeset
|
165 " === Statement syntax group === |
10051
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
166 hi def link sqlStatement Statement |
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
167 hi def link sqlConditional Conditional |
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
168 hi def link sqlRepeat Repeat |
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
169 hi def link sqlKeyword Keyword |
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
170 hi def link sqlOperator Operator |
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
171 hi def link sqlException Exception |
22 | 172 |
10048
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
22
diff
changeset
|
173 " === Identifier syntax group === |
10051
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
174 hi def link sqlFunction Function |
22 | 175 |
10048
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
22
diff
changeset
|
176 " === Type syntax group === |
10051
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
177 hi def link sqlType Type |
22 | 178 |
10048
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
22
diff
changeset
|
179 " === Todo syntax group === |
10051
46763b01cd9a
commit https://github.com/vim/vim/commit/f37506f60f87d52a9e8850e30067645e2b13783c
Christian Brabandt <cb@256bit.org>
parents:
10048
diff
changeset
|
180 hi def link sqlTodo Todo |
10048
43efa4f5a8ea
commit https://github.com/vim/vim/commit/89bcfda6834aba724d12554a34b9ed49f5789fd5
Christian Brabandt <cb@256bit.org>
parents:
22
diff
changeset
|
181 |
22 | 182 |
183 let b:current_syntax = "sqlinformix" |