Mercurial > vim
diff src/mbyte.c @ 29761:0cea0cdcce92 v9.0.0220
patch 9.0.0220: invalid memory access with for loop over NULL string
Commit: https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2
Author: Bram Moolenaar <Bram@vim.org>
Date: Tue Aug 16 17:50:38 2022 +0100
patch 9.0.0220: invalid memory access with for loop over NULL string
Problem: Invalid memory access with for loop over NULL string.
Solution: Make sure mb_ptr2len() consistently returns zero for NUL.
| author | Bram Moolenaar <Bram@vim.org> |
|---|---|
| date | Tue, 16 Aug 2022 19:00:04 +0200 |
| parents | 6b8aaf16af99 |
| children | adb0de8be4ce |
line wrap: on
line diff
--- a/src/mbyte.c +++ b/src/mbyte.c @@ -1077,24 +1077,28 @@ dbcs_char2bytes(int c, char_u *buf) } /* - * mb_ptr2len() function pointer. - * Get byte length of character at "*p" but stop at a NUL. - * For UTF-8 this includes following composing characters. - * Returns 0 when *p is NUL. + * Get byte length of character at "*p". Returns zero when "*p" is NUL. + * Used for mb_ptr2len() when 'encoding' latin. */ int latin_ptr2len(char_u *p) { - return MB_BYTE2LEN(*p); + return *p == NUL ? 0 : 1; } +/* + * Get byte length of character at "*p". Returns zero when "*p" is NUL. + * Used for mb_ptr2len() when 'encoding' DBCS. + */ static int -dbcs_ptr2len( - char_u *p) +dbcs_ptr2len(char_u *p) { int len; - // Check if second byte is not missing. + if (*p == NUL) + return 0; + + // if the second byte is missing the length is 1 len = MB_BYTE2LEN(*p); if (len == 2 && p[1] == NUL) len = 1; @@ -2105,6 +2109,7 @@ utf_ptr2len_len(char_u *p, int size) /* * Return the number of bytes the UTF-8 encoding of the character at "p" takes. * This includes following composing characters. + * Returns zero for NUL. */ int utfc_ptr2len(char_u *p)