Mercurial > vim

comparison src/optionstr.c @ 28455:8f4f16efeeb3 v8.2.4752

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.4752: wrong 'statusline' value can cause illegal memory access Commit: https://github.com/vim/vim/commit/5dc294a7b63ed0e508dd360bc4d98173f1a1aeec Author: zeertzjq <zeertzjq@outlook.com> Date: Fri Apr 15 13:17:57 2022 +0100 patch 8.2.4752: wrong 'statusline' value can cause illegal memory access Problem: Wrong 'statusline' value can cause illegal memory access. Solution: Properly check the value. (closes https://github.com/vim/vim/issues/10192)
author Bram Moolenaar <Bram@vim.org>
date Fri, 15 Apr 2022 14:30:03 +0200
parents e015d650ea9f
children 4dcccb2673fe
comparison
equal deleted inserted replaced
28454:e7216db16ce9 28455:8f4f16efeeb3
572 } 572 }
573 573
574 #ifdef FEAT_STL_OPT 574 #ifdef FEAT_STL_OPT
575 /* 575 /*
576 * Check validity of options with the 'statusline' format. 576 * Check validity of options with the 'statusline' format.
577 * Return error message or NULL. 577 * Return an untranslated error message or NULL.
578 */ 578 */
579 static char * 579 static char *
580 check_stl_option(char_u *s) 580 check_stl_option(char_u *s)
581 { 581 {
582 int groupdepth = 0; 582 int groupdepth = 0;
623 { 623 {
624 return illegal_char(errbuf, *s); 624 return illegal_char(errbuf, *s);
625 } 625 }
626 if (*s == '{') 626 if (*s == '{')
627 { 627 {
628 int reevaluate = (*s == '%'); 628 int reevaluate = (*++s == '%');
629 629
630 s++; 630 if (reevaluate && *++s == '}')
631 // "}" is not allowed immediately after "%{%"
632 return illegal_char(errbuf, '}');
631 while ((*s != '}' || (reevaluate && s[-1] != '%')) && *s) 633 while ((*s != '}' || (reevaluate && s[-1] != '%')) && *s)
632 s++; 634 s++;
633 if (*s != '}') 635 if (*s != '}')
634 return N_(e_unclosed_expression_sequence); 636 return e_unclosed_expression_sequence;
635 } 637 }
636 } 638 }
637 if (groupdepth != 0) 639 if (groupdepth != 0)
638 return N_(e_unbalanced_groups); 640 return e_unbalanced_groups;
639 return NULL; 641 return NULL;
640 } 642 }
641 #endif 643 #endif
642 644
643 /* 645 /*
1803 redraw_titles(); 1805 redraw_titles();
1804 } 1806 }
1805 } 1807 }
1806 1808
1807 #ifdef FEAT_STL_OPT 1809 #ifdef FEAT_STL_OPT
1808 // 'statusline' or 'rulerformat' 1810 // 'statusline', 'tabline' or 'rulerformat'
1809 else if (gvarp == &p_stl || varp == &p_ruf) 1811 else if (gvarp == &p_stl || varp == &p_tal || varp == &p_ruf)
1810 { 1812 {
1811 int wid; 1813 int wid;
1812 1814
1813 if (varp == &p_ruf) // reset ru_wid first 1815 if (varp == &p_ruf) // reset ru_wid first
1814 ru_wid = 0; 1816 ru_wid = 0;
1822 if (wid && *s == '(' && (errmsg = check_stl_option(p_ruf)) == NULL) 1824 if (wid && *s == '(' && (errmsg = check_stl_option(p_ruf)) == NULL)
1823 ru_wid = wid; 1825 ru_wid = wid;
1824 else 1826 else
1825 errmsg = check_stl_option(p_ruf); 1827 errmsg = check_stl_option(p_ruf);
1826 } 1828 }
1827 // check 'statusline' only if it doesn't start with "%!" 1829 // check 'statusline' or 'tabline' only if it doesn't start with "%!"
1828 else if (varp == &p_ruf || s[0] != '%' || s[1] != '!') 1830 else if (varp == &p_ruf || s[0] != '%' || s[1] != '!')
1829 errmsg = check_stl_option(s); 1831 errmsg = check_stl_option(s);
1830 if (varp == &p_ruf && errmsg == NULL) 1832 if (varp == &p_ruf && errmsg == NULL)
1831 comp_col(); 1833 comp_col();
1832 } 1834 }