changeset 29761:0cea0cdcce92 v9.0.0220

patch 9.0.0220: invalid memory access with for loop over NULL string Commit: https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2 Author: Bram Moolenaar <Bram@vim.org> Date: Tue Aug 16 17:50:38 2022 +0100 patch 9.0.0220: invalid memory access with for loop over NULL string Problem: Invalid memory access with for loop over NULL string. Solution: Make sure mb_ptr2len() consistently returns zero for NUL.
author Bram Moolenaar <Bram@vim.org>
date Tue, 16 Aug 2022 19:00:04 +0200
parents 946d96da668b
children 13b522cb29d9
files src/globals.h src/mbyte.c src/testdir/test_eval_stuff.vim src/version.c
diffstat 4 files changed, 17 insertions(+), 9 deletions(-) [+]
--- a/src/globals.h
+++ b/src/globals.h
@@ -1035,7 +1035,8 @@ EXTERN vimconv_T output_conv;			// type 
  * (DBCS).
  * The value is set in mb_init();
  */
-// length of char in bytes, including following composing chars
+// Length of char in bytes, including any following composing chars.
+// NUL has length zero.
 EXTERN int (*mb_ptr2len)(char_u *p) INIT(= latin_ptr2len);
 
 // idem, with limit on string length
--- a/src/mbyte.c
+++ b/src/mbyte.c
@@ -1077,24 +1077,28 @@ dbcs_char2bytes(int c, char_u *buf)
 }
 
 /*
- * mb_ptr2len() function pointer.
- * Get byte length of character at "*p" but stop at a NUL.
- * For UTF-8 this includes following composing characters.
- * Returns 0 when *p is NUL.
+ * Get byte length of character at "*p".  Returns zero when "*p" is NUL.
+ * Used for mb_ptr2len() when 'encoding' latin.
  */
     int
 latin_ptr2len(char_u *p)
 {
- return MB_BYTE2LEN(*p);
+    return *p == NUL ? 0 : 1;
 }
 
+/*
+ * Get byte length of character at "*p".  Returns zero when "*p" is NUL.
+ * Used for mb_ptr2len() when 'encoding' DBCS.
+ */
     static int
-dbcs_ptr2len(
-    char_u	*p)
+dbcs_ptr2len(char_u *p)
 {
     int		len;
 
-    // Check if second byte is not missing.
+    if (*p == NUL)
+	return 0;
+
+    // if the second byte is missing the length is 1
     len = MB_BYTE2LEN(*p);
     if (len == 2 && p[1] == NUL)
 	len = 1;
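Review bot: The new guards in latin_ptr2len() and dbcs_ptr2len() test `*p == NUL`, so they cover a pointer to the terminating NUL byte and not a NULL pointer, although the commit title speaks of a "NULL string"; the header comments should state that precondition. I would add to both comments a line such as `* "p" must not be NULL; callers turn a NULL string into an empty one first.` Whether every caller already does that conversion cannot be seen from this hunk, so it is worth confirming at the for-loop call site the patch targets. A zero return also means that any loop advancing with `p += (*mb_ptr2len)(p)` must test for NUL itself in order to terminate, which is worth saying next to the declaration in src/globals.h. The body of dbcs_ptr2len() continues past the end of this hunk.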
@@ -2105,6 +2109,7 @@ utf_ptr2len_len(char_u *p, int size)
 /*
  * Return the number of bytes the UTF-8 encoding of the character at "p" takes.
  * This includes following composing characters.
+ * Returns zero for NUL.
  */
     int
 utfc_ptr2len(char_u *p)
index c63082e8e8b6dcc823d2fee3f3054ee363e8f11e..313d791850c003bfbe907b33d89e440567ea3d13
GIT binary patch
literal 23887
zc%02#{c_{Dk<Y*J1MK~aWpYFL&Xz?={w&LN{*ZU4Zj(*zq^7oN>{5{wBr!vgI+Bv@
z%x+bl<{sf*;NB!plEw$|K>`##ldX++M<Rjl#;+TVMgtV#pg-fHEYLj5(Kg8AY*Qe-
z4H8r?<8)E<_x6fxlSdeBWBfGTlyTDE#;d)(`6i9ZI7?A+G0(EzJ_^DtFZU2C^B4F;
zD97a{Ptk`*G#;Y?6h%Q9E!8RyZg4sy4DeM6WTGjmDP@^5^667tE~hxpv%I%Y#U%*}
ziUQ~56#vgANP6Bu1!lhzs0vH7N?cK9Ii41Af>YpK6$>hm-G40<D3^KmL_t=_Ias)e
zmKh*H?o*zn3luDZICYJfG>QZCF3K@Zzl&4cdy~LtVTQW;IE(Y?TIxv)dhU<(`v~|-
zJOgp=+O3<S%s03f7eIz1Q1hkEw7;+Pk%Ru6zd$#mGDEB2BS!c+E=p2R@yED8vkVuh
zTOw+E%Gbms!E{6n7DY#s)8YBWk!0dJ<aiCf)N`4Pe!qW!oVBx$<^gokjJj%&HnF}?
z(V~+a(wG2WY}RY&`2w5|oSUjrRHl2%;}Xw7cJIR@K>U$hHVjJ|FM6(`oI?p629D@P
z)sc)doZu4o>heUfFkC)ww8p$=aKM`?sRM74WLlIt=nO8t8{db=3f17Ei#kCVfilDd
zf^&3CI1L_3oOc>!DRjUlAj6jWDkz46JP%&b7=1WC*!!*XfZ|08qm6`<V(+&P=!BK7
zXj#T<WfA#MiXYG;tqal_DzX);H<}8XLni>8HgAMHIX@Xvl;HJCTwoMss}%??(53*d
zf>xsdu83>JX^Hc+@)NX%u$U79h<xa*@AU`ACqu68c8WpS?S=3tR+!PkESZtMFO0T#
zC?#hcyRJhl4j7w##WaML4g|fqJGscJ*-k>U1BJtAI2do!IE6VOo;4ybZ<h?oXD}N&
zKc_8vgYz?+&q?Ac<U^E<(=>PYU%~sy4crTK{<FpcJn@`PHV7SgN5@D0QE~K;vZxTx
z_sG;U%Y!GImf05P`Y_`iS_E4>#XvenZ{Ul}7ElUT<G9Gq&W_JHU6huH&2|K6M1VGj
zE`?W7|L3@x2j?`n8iN23QsoHK8wR67WKsn}9PQ3&7^eYD0i?wgKULBJIvKuXzWm^3
zDJDa`e9Gw866PoOai1xez>Jxo`FuRf3Nb;lXo-IOL1~0Tqca*{bG1tM@Tvl2nYb+|
z4w%6Gnsgzo)(kMhKfgm0pCLK4jGqq<$bHDkBmk261%b~lozH5@u0_2yDIVy<r+AIO
zZcH<peB%JG`3s~(>+(hRRegG-)rVqIBjGewf@ro{2N20OX`IGo3{m5+P_e=gxnIb5
zcn>l3atvYA?~ev2$ClnAeWch(X_9qDb2imbwJMpdjJi1wn>n7(@4x?^*cZOo{mu0c
z4psXHMS#s4Two&z;S2a`O6UTb8q^wS(_s}nn{>#7bV0}UXkSAN<W|HU!Ry<g63%L1
z*(3}J#b~#LL%&UFhS8L2;F6^MRhn){V#GuWG$iwQ)YG0?wOh~BKUazYD+}=?F@g*i
zr!q4#tPBD&&|wzqTZ4-rK^<uN_8_ImVMIG5bwbnyQa4Nz6wM!raRZm%h2$=DMO}Z4
z!WMafMNH5ie-;~n``iY*v<S({G62_`Cs|OsGBKdCu3d3Ytl;(i;i$1x;xeykEs;yi
z8SaaWNBF2i9Td&uXPTPCMX|x?ccbIMsp`HT<MlL{L-ISNtKXiwSY+#Am!#ozZ$QF(
z26&LcMOo6@M?d|9-js!0;|cns#&UmeuZZ$^T|(AXkgWvYHj<_qo!=NybkR#K2^l)0
zJ@i?KwY!u#3Xr8eu_B`GIq{CIODE}&l=A$nos@uQ-PorAb22(pa#o`o%z?gtZ0Yks
zA67hbLr?2A^}5;A>ts`}gH5FY>w~s#1@rLmd}1C#XSI#R!pvM+x3!vPsF-HE4RYNg
z!%h|%y0(QlwF8&MF!`RzL6QRZ=vD@i%gKe6E2v|>4`tZ$;w1ZB231o_%UCi3QZ;J#
za}Jrg`H6MydBJHFC3X^4mkHTcJ3`(7{){T<lvn6%;CaXXu`$J%#Zfs8q6im-$viZ1
zzaUZWlRM8cSa*6qH^T?%$N_ruhLHAw%!ta<2rOMTYVER7C&wH$9h1Av=>Zyer<O{H
zDTA!F_IqpX84-MDt~~ZUBKh>x!hAA<>d<os1NOhAiNWaX`1AxwpS@PXp?`XEMpfA%
zkNzDX(l8;j&^Zv4MzAWt&p6sZ+Un4u;JKu9|L_XJ>Z)fkx9cIqrsg_xJ2&6&sAydV
z0HTPeZ^_xCebaNAL0;+CU)3c{skDlmn!~tib9DopyL7F_Z&{sfR^|^jYQ%IdKR52<
z)}<Oy^G=>ds~LM>L3Vy@>lRL|Y!M|8c6+;bZJUfFf(b_BJY!)DlPu(n=chbWH>s4Z
zt4>naK~9$b6(aw<8=_76G0mRR3eSM=16Db}U$W4i0W?AUMQT<_>c|-_gEYlSox7Gz
zD36vls}OQ#Si(+MaXKyHzhbe|92bxqLz|>AM4p$u6eV7f!g85yN^~+pVO%06f<C6m
z@)ALc{<Op?O0$y6ft+m~FE%-z!DUXKcO)-;Yb4!XFmVJ(V@~C>BclMg=n@^Cvp>s3
z%1MJ~m_`MqZiegX$<3md1}l7k%9l0St`3q-^#wjeg5a8e!mT+j1Q(2VflClauAzts
zwM5w9g15pLIuTPW+^ID-h)6ISG@q_i+zfw>#cL&RY0KknS#~{u6ygESMH2E~4$Zp5
zNNiy!c6S}(ty}ouPjZ|Ol=RVQmS_S=<wNRNMZV`Efu<o;FKdduyggi9br78^f*x`y
zzELik7!y-ay^O{f+l|4wXxRg8#i4?29=+a_+^KV1Y?4xLr&p1~;alTr2BReT8fD}0
zLkj=!gX6$Th;=tyIDc|1j>05U&!T(tKHJ#sxxaUrGxE({(?m&qY8nPb9LWgHN_((G
zJD?tOO}--;g;iSxs;#btv93io=w${O#6(og2X{;@KPI$e@+6@S=(++FwII6I5K(Fg
zfiVkgmfFrJDMLHdgj^&oP~U4%DU0H`N@)#tJ7pIYYD`3_9cK64gIAcHBV?RLoKmh)
zw~m~z>#iEVQR9%;-!P?&3Wut~Hv;61P(?4ZfedRPZ`uJd&kwplqT~_-;}+m7wVh#7
zhIXv<B5c9xkQo2|>R7`>Icva}w8zeLuhW8Z?Jzs_{5Dm#O>oqKZxjbsK}x{}wK{Wt
zhN6;xNAD4p!{b4R{u|geV3OMP;H|aT;Z;&T!zQT1ALT=OTTSyt9MEk`*pJk(f2)M>
zTVaEGsZFOy59hb`Abwksv`t92HDr`tgCc||NL#61gIvJdp+ejAf2+no368Rv5DJk^
zg}U%`QEzPKHtIOz)px8Xj4IC5Ub<5Ze<zfvm)c;?^j^5L8~?5%VNu<VtQOSos2%S@
z1&$E(*omeKc4Fc?IYbFxQw7YWPFgg;QiBmkHxaNV0<m6ZLx^h#Cq~OoDp+lnoir^w
zp;nuO3KSveu@g;a+|sfWqh*EEw%|flcwYm?zSQWUn}Z3htJ9UMi-Hzr>p+-un)|9p
zwpXTh7-7wo?gid^p_5)_Lp-l_$-NQVeTA(pLf)(C$~`sZeWZX8A|5-@bVe+gjL;Xn
z`Wre3ynz|}LfX`;vW{;Au5Scnz03x2QG@tRHPajLEjhk#Ww!$YBgmxz<hKIQw*sVI
zW&^pbf&8`w<XaB%t=W2S)t-MVT7N4L>18%VZ)=F&R#+T#y<U@@&UAtP_#NG*tf1L9
z7yO#5HWE?a)fZunRLidgoyJ`1*Cx}(gy7dAZ)2?crorBDUBBVG4e#;I?$hW%-!-qp
z9f)}y_7Z$`V?bG5H_B~&e62@F)=TDqc*9}YBhHPQlijEoSm(;r-&kkEcvDa48Aw~|
zXf>Ul^#TMnm(>B<YHbj2YgsO%Z%wkeDJ_%eotFFQXzp~Zwptt3yIL-|1M8&Cq!Sh9
zL<cg_VcKeKFekOSdk4&WX;MpSB_{IsS5>sWSN-r_$7`;$p}nuqf<8;7M8tfDOZp}X
zd3;yw4w-D^4(X%HPFu1=Io^jd4%A9J@1PB>dj@RCGGG?p4OOSO8LC5FLTi?HS<f?C
zs}n>Oz*`2;;t5eR$-b4Ax|Ja7rJYxSX8X-5cy~kg1Nt3HKGj5b5>>Oj>$0!KbTn1=
z4v^1C;cjS#hy_INA@ym>_>c-j{HMY~h|6JjrtOl-8yH*Dc&?X4p?OUq13pa&OMRF8
zSmjU=s|i(y0C6n?MAQ}`^u78a+h`v~YE0nM{!n>XvXib$E-|jL?TRM}3n*<H-fBc)
zJbDDF!b76Pm|c{wiaMOj>TI_%{)9{+O9Z-=5$Ht38nzQP4Aq#!^NC@o#H3wxU6K?Q
zrQ~{_a+(tr9%g(?$kH<v1`eq85LLw=UkhTpD7$7bDwnlyltE)tMbE9pIN;w}POXlJ
z>dH5aq1W(s&C$*Lt$925{MKlpXYb0;VXWo>R9!{JLD!YDbLMXpuxltLZOMwhC=g?d
ze{0*_>L{zO62rKB4R6;4g_*x~fx$;q*p><1HRF&vFqr`J@T{&v<B;yk*=2~+O<yHe
zaT%x*(l&+e+Mb|ei?18#KuY{JZ=p-`_bsEG{Kw_&9`bPYkh*Hizo6tVjV?7KwTBx?
z4CB+^6?No8)kf?PdJ{Rj0*R_MYxftE`(+VJGbfQ~4`GrHhQ8l6mT6A$)oDvO;wlqC
zyCRdSGHdu3llzKvMbB5nB@yc&W+)^CTcV;gC<Kq=0a%ng{cZ`5Uy0}5%>XBKr?Pg1
zJ5_n!_%A5=6`}Ptf3`5JcL4`s-~9OFcb#`ZMu!72U>sJ!Lm-QYqr;)B8C7LK<e1aE
zKnvm^T?SVwS>6nVFh!~weHk<**3x=b#6`#&Rfr7rzgqiUe>(R0=C{rfa^W|MYSKxG
zDxTaAmAa8Ar5$XaSoB}(kalFuXKg5VLn&30FD3?#Q<(>t3}I?2MXA%|$cgAz$I<y$
zGhfy-W2bd{Zj{u7lM+=pxgRQZBT-s)d&`e*#Nejw$oYx2q1+9nR8_v3xO1e+ti_}V
zgHt(5ohC_6oBskxy8cAx3p>X;>gD$5D6F+WO4Js}{ZOeJiPEb3+kTnym3OZ2O0)A;
zl)IsntF<7eTaHwjU6~AFbSg!u)8xqc{a44)`PVh1rP_4QCw2$vJ%#kHLgv1*Y&8>{
zlTqjmYM#K#R9|2vL#=+K)CiBT{g?nVpBQKoWN(NTwfmvkLanu`S0sMfFG8B=87@z&
zuSt{-$^Ip=b^iSjYqRb$T9=}FpCWswitI7Sqa{7yi@Yp@3;Kp#-K&l&uR5~q?hyj9
zzjY)GbtH_hm)Vp)swsVBjCGWX3I(;h;87wyTuV%i@(#G1F{3t4!edIu^tD)O+-9kY
z^+3EEbHrbcF}CDzlJvo`*kQcW4vGl1)l{|%PD0<ALs1g1!z{>Wd-9z?QO4izOYsx>
z31w;W^7Wp0-%mU7N^p>u>PnoJ1;HqesX#a>_z_sN>0pbgck*K+`TKhkOP>?IouibT
zew3z|9gJCK=*Po%INxG&+y+`_;M!qAUX3FMaTLpJlgv=Di6V@-5b|Erln4gXkrQa#
z|8T{-W^lc)y%R?Y9(A^CO->(s6NRD}uE*{sC9faN*m)h^i!_VcQKTuhRob*q)oljL
z(Jp)?2QzIMgtH7?JjE&bqVG97%h;iH{!Wm3cU8^RJJIP*xv$x*GN*(=K6)<megIH)
z6Jx{Rb;RA+3!>CzC-mgNC@3ta|GDaDV(*!Hp8YjhmD+nHIeR`z4u#@;*5mawK62QX
z-|+-Vt*OrEPI4}XM4=CkM|y@#43zoo%y4F*iFy15%p@Mru;Z|EFC9mRZg|@++T_X0
z6hy|0bOjDAj|jXdwn0u_N+jRa!6=K11utDFr3rl>uvWM*6@GGy3%5_{f2QY8EZ~+>
z{#;X!A2&dm$w9c}LSm~>2)RfKMpQDAqR~G?HtM6gbSU~~$~QIex)y+FlgiFhZWrn;
z>qO(hAsDYAG=WnT)k$9tJ?a!a1qI3>@{$lkUh~f8s3?QzqtPiH{EU$cQySGE$7>wG
zq~8Oi-eBPKV==vx^9wW)ITFk-8RAWE@dfJjREKrYe^1~2X>$Aa`a60E<&qqo3c)ER
zFOV;TJcvq|mgt#%Ax5}}f;FBUpr>UF$rwEcwE!8jYy&gaA+08g&^^65%vT@rOVQgW
zZ>fWtL^wavnZ8_2bPZB;N%FZXv<lXQ_W;C^X|y_zcSTQ!dRhi0nbZg*kjJDH2kKGC
z95s0-KcA-Alwq9~YaG!N2Ed>xIV=|1L6?6x{QKYj_X=I!u4Y%f=Q5Bn#R-J#0=k79
zw|RN{!&TJ{LK)|QGZSMskBs2wfG9))^}ZbHdRx`8*Vbm9ZS6o@s!Jn;)GGJz!Osxo
zMwc?#6hu7$tU@iqI^pu(zml8{NKo5~$2a4d;Y2_p4Q^PIAWa=Q8k<7KFdGli05_@*
zt0KoKu&$m0+WH9F6!i3Ja6tEy3yxmIGmI{;DzAhQmzUff>6yOkED1{Rc_w^M9{Nr5
zkHIJJ@b_SjcZY|cuKq3kDgFQd`}g0dV`>|(E+BJ@=jBs8E0<#*1QqZJMh4%8jArj2
DsI^G<
--- a/src/version.c
+++ b/src/version.c
@@ -736,6 +736,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    220,
+/**/
     219,
 /**/
     218,