Mercurial > vim
comparison src/ex_getln.c @ 28905:f3f45218f923 v8.2.4975
patch 8.2.4975: recursive command line loop may cause a crash
Commit: https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8
Author: Bram Moolenaar <Bram@vim.org>
Date: Tue May 17 20:11:02 2022 +0100
patch 8.2.4975: recursive command line loop may cause a crash
Problem: Recursive command line loop may cause a crash.
Solution: Limit recursion of getcmdline().
| author | Bram Moolenaar <Bram@vim.org> |
|---|---|
| date | Tue, 17 May 2022 21:15:03 +0200 |
| parents | d0241e74bfdb |
| children | 45c182c4f7e9 |
comparison
equal
deleted
inserted
replaced
| 28904:02398ff5b522 | 28905:f3f45218f923 |
|---|---|
| 1579 int firstc, | 1579 int firstc, |
| 1580 long count UNUSED, // only used for incremental search | 1580 long count UNUSED, // only used for incremental search |
| 1581 int indent, // indent for inside conditionals | 1581 int indent, // indent for inside conditionals |
| 1582 int clear_ccline) // clear ccline first | 1582 int clear_ccline) // clear ccline first |
| 1583 { | 1583 { |
| 1584 static int depth = 0; // call depth | |
| 1584 int c; | 1585 int c; |
| 1585 int i; | 1586 int i; |
| 1586 int j; | 1587 int j; |
| 1587 int gotesc = FALSE; // TRUE when <ESC> just typed | 1588 int gotesc = FALSE; // TRUE when <ESC> just typed |
| 1588 int do_abbr; // when TRUE check for abbr. | 1589 int do_abbr; // when TRUE check for abbr. |
| 1609 cmdline_info_T save_ccline; | 1610 cmdline_info_T save_ccline; |
| 1610 int did_save_ccline = FALSE; | 1611 int did_save_ccline = FALSE; |
| 1611 int cmdline_type; | 1612 int cmdline_type; |
| 1612 int wild_type; | 1613 int wild_type; |
| 1613 | 1614 |
| 1615 // one recursion level deeper | |
| 1616 ++depth; | |
| 1617 | |
| 1614 if (ccline.cmdbuff != NULL) | 1618 if (ccline.cmdbuff != NULL) |
| 1615 { | 1619 { |
| 1616 // Being called recursively. Since ccline is global, we need to save | 1620 // Being called recursively. Since ccline is global, we need to save |
| 1617 // the current buffer and restore it when returning. | 1621 // the current buffer and restore it when returning. |
| 1618 save_cmdline(&save_ccline); | 1622 save_cmdline(&save_ccline); |
| 1638 init_incsearch_state(&is_state); | 1642 init_incsearch_state(&is_state); |
| 1639 #endif | 1643 #endif |
| 1640 | 1644 |
| 1641 if (init_ccline(firstc, indent) != OK) | 1645 if (init_ccline(firstc, indent) != OK) |
| 1642 goto theend; // out of memory | 1646 goto theend; // out of memory |
| 1647 | |
| 1648 if (depth == 50) | |
| 1649 { | |
| 1650 // Somehow got into a loop recursively calling getcmdline(), bail out. | |
| 1651 emsg(_(e_command_too_recursive)); | |
| 1652 goto theend; | |
| 1653 } | |
| 1643 | 1654 |
| 1644 ExpandInit(&xpc); | 1655 ExpandInit(&xpc); |
| 1645 ccline.xpc = &xpc; | 1656 ccline.xpc = &xpc; |
| 1646 | 1657 |
| 1647 #ifdef FEAT_RIGHTLEFT | 1658 #ifdef FEAT_RIGHTLEFT |
| 2574 | 2585 |
| 2575 theend: | 2586 theend: |
| 2576 { | 2587 { |
| 2577 char_u *p = ccline.cmdbuff; | 2588 char_u *p = ccline.cmdbuff; |
| 2578 | 2589 |
| 2590 --depth; | |
| 2579 if (did_save_ccline) | 2591 if (did_save_ccline) |
| 2580 restore_cmdline(&save_ccline); | 2592 restore_cmdline(&save_ccline); |
| 2581 else | 2593 else |
| 2582 ccline.cmdbuff = NULL; | 2594 ccline.cmdbuff = NULL; |
| 2583 return p; | 2595 return p; |