Mercurial > vim

changeset 25415:02d1b2817585 v8.2.3244

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.3244: Lua 5.3 print() with a long string crashes Commit: https://github.com/vim/vim/commit/41114a2a27047bf1884e092b98c6298c128eb2f0 Author: Yegappan Lakshmanan <yegappan@yahoo.com> Date: Thu Jul 29 20:22:14 2021 +0200 patch 8.2.3244: Lua 5.3 print() with a long string crashes Problem: Lua 5.3 print() with a long string crashes. Solution: Use a growarray instead of a Lua buffer. (Yegappan Lakshmanan, closes #8655)
author Bram Moolenaar <Bram@vim.org>
date Thu, 29 Jul 2021 20:30:08 +0200
parents 45926a62bafd
children a84e887cd597
files src/if_lua.c src/misc2.c src/proto/misc2.pro src/version.c
diffstat 4 files changed, 34 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/src/if_lua.c
+++ b/src/if_lua.c
@@ -1720,11 +1720,12 @@ static const luaL_Reg luaV_Window_mt[] =
     static int
 luaV_print(lua_State *L)
 {
-    int i, n = lua_gettop(L); // nargs
-    const char *s;
-    size_t l;
-    luaL_Buffer b;
-    luaL_buffinit(L, &b);
+    int		i, n = lua_gettop(L); // nargs
+    const char	*s;
+    size_t	l;
+    garray_T	msg_ga;
+
+    ga_init2(&msg_ga, 1, 128);
     lua_getglobal(L, "tostring");
     for (i = 1; i <= n; i++)
     {
@@ -1735,13 +1736,19 @@ luaV_print(lua_State *L)
 	if (s == NULL)
 	    return luaL_error(L, "cannot convert to string");
 	if (i > 1)
-	    luaL_addchar(&b, ' '); // use space instead of tab
-	luaV_addlstring(&b, s, l, 0);
+	    ga_append(&msg_ga, ' '); // use space instead of tab
+	ga_concat_len(&msg_ga, (char_u *)s, l);
 	lua_pop(L, 1);
     }
-    luaL_pushresult(&b);
+    // Replace any "\n" with "\0"
+    for (i = 0; i < msg_ga.ga_len; i++)
+	if (((char *)msg_ga.ga_data)[i] == '\n')
+	    ((char *)msg_ga.ga_data)[i] = '\0';
+    lua_pushlstring(L, msg_ga.ga_data, msg_ga.ga_len);
     if (!got_int)
 	luaV_msg(L);
+
+    ga_clear(&msg_ga);
     return 0;
 }
 
--- a/src/misc2.c
+++ b/src/misc2.c
@@ -1566,6 +1566,22 @@ ga_concat(garray_T *gap, char_u *s)
 }
 
 /*
+ * Concatenate 'len' bytes from string 's' to a growarray.
+ * When "s" is NULL does not do anything.
+ */
+    void
+ga_concat_len(garray_T *gap, char_u *s, size_t len)
+{
+    if (s == NULL || *s == NUL)
+	return;
+    if (ga_grow(gap, len) == OK)
+    {
+	mch_memmove((char *)gap->ga_data + gap->ga_len, s, (size_t)len);
+	gap->ga_len += len;
+    }
+}
+
+/*
  * Append one byte to a growarray which contains bytes.
  */
     void
--- a/src/proto/misc2.pro
+++ b/src/proto/misc2.pro
@@ -45,6 +45,7 @@ int ga_grow_inner(garray_T *gap, int n);
 char_u *ga_concat_strings(garray_T *gap, char *sep);
 int ga_add_string(garray_T *gap, char_u *p);
 void ga_concat(garray_T *gap, char_u *s);
+void ga_concat_len(garray_T *gap, char_u *s, size_t len);
 void ga_append(garray_T *gap, int c);
 void append_ga_line(garray_T *gap);
 int simplify_key(int key, int *modifiers);
--- a/src/version.c
+++ b/src/version.c
@@ -756,6 +756,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    3244,
+/**/
     3243,
 /**/
     3242,