# HG changeset patch # User Christian Brabandt # Date 1518360305 -3600 # Node ID 6acb9148d83e8f0bc8d9153efec672912f94ec36 # Parent 611480b1f7f1e5b3cfb64c53cefe03d459e2180c patch 8.0.1503: access memory beyond end of string commit https://github.com/vim/vim/commit/cdd09aa51a8d34bb384460af4f91026dbff5bf48 Author: Bram Moolenaar Date: Sun Feb 11 15:38:40 2018 +0100 patch 8.0.1503: access memory beyond end of string Problem: Access memory beyond end of string. (Coverity) Solution: Keep allocated memory in separate pointer. Avoid outputting the NUL character. diff --git a/src/hardcopy.c b/src/hardcopy.c --- a/src/hardcopy.c +++ b/src/hardcopy.c @@ -3382,6 +3382,7 @@ mch_print_text_out(char_u *p, int len UN #ifdef FEAT_MBYTE int in_ascii; int half_width; + char_u *tofree = NULL; #endif char_width = prt_char_width; @@ -3507,19 +3508,15 @@ mch_print_text_out(char_u *p, int len UN #ifdef FEAT_MBYTE if (prt_do_conv) - { /* Convert from multi-byte to 8-bit encoding */ - p = string_convert(&prt_conv, p, &len); - if (p == NULL) - p = (char_u *)""; - } + tofree = p = string_convert(&prt_conv, p, &len); if (prt_out_mbyte) { /* Multi-byte character strings are represented more efficiently as hex * strings when outputting clean 8 bit PS. */ - do + while (len-- > 0) { ch = prt_hexchar[(unsigned)(*p) >> 4]; ga_append(&prt_ps_buffer, ch); @@ -3527,7 +3524,6 @@ mch_print_text_out(char_u *p, int len UN ga_append(&prt_ps_buffer, ch); p++; } - while (--len); } else #endif @@ -3574,8 +3570,7 @@ mch_print_text_out(char_u *p, int len UN #ifdef FEAT_MBYTE /* Need to free any translated characters */ - if (prt_do_conv && (*p != NUL)) - vim_free(p); + vim_free(tofree); #endif prt_text_run += char_width; diff --git a/src/version.c b/src/version.c --- a/src/version.c +++ b/src/version.c @@ -772,6 +772,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1503, +/**/ 1502, /**/ 1501,