changeset 13258:6acb9148d83e v8.0.1503

patch 8.0.1503: access memory beyond end of string commit https://github.com/vim/vim/commit/cdd09aa51a8d34bb384460af4f91026dbff5bf48 Author: Bram Moolenaar <Bram@vim.org> Date: Sun Feb 11 15:38:40 2018 +0100 patch 8.0.1503: access memory beyond end of string Problem: Access memory beyond end of string. (Coverity) Solution: Keep allocated memory in separate pointer. Avoid outputting the NUL character.
author Christian Brabandt <cb@256bit.org>
date Sun, 11 Feb 2018 15:45:05 +0100
parents 611480b1f7f1
children f99dea69711d
files src/hardcopy.c src/version.c
diffstat 2 files changed, 6 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/src/hardcopy.c
+++ b/src/hardcopy.c
@@ -3382,6 +3382,7 @@ mch_print_text_out(char_u *p, int len UN
 #ifdef FEAT_MBYTE
     int		in_ascii;
     int		half_width;
+    char_u	*tofree = NULL;
 #endif
 
     char_width = prt_char_width;
@@ -3507,19 +3508,15 @@ mch_print_text_out(char_u *p, int len UN
 
 #ifdef FEAT_MBYTE
     if (prt_do_conv)
-    {
 	/* Convert from multi-byte to 8-bit encoding */
-	p = string_convert(&prt_conv, p, &len);
-	if (p == NULL)
-	    p = (char_u *)"";
-    }
+	tofree = p = string_convert(&prt_conv, p, &len);
 
     if (prt_out_mbyte)
     {
 	/* Multi-byte character strings are represented more efficiently as hex
 	 * strings when outputting clean 8 bit PS.
 	 */
-	do
+	while (len-- > 0)
 	{
 	    ch = prt_hexchar[(unsigned)(*p) >> 4];
 	    ga_append(&prt_ps_buffer, ch);
@@ -3527,7 +3524,6 @@ mch_print_text_out(char_u *p, int len UN
 	    ga_append(&prt_ps_buffer, ch);
 	    p++;
 	}
-	while (--len);
     }
     else
 #endif
@@ -3574,8 +3570,7 @@ mch_print_text_out(char_u *p, int len UN
 
 #ifdef FEAT_MBYTE
     /* Need to free any translated characters */
-    if (prt_do_conv && (*p != NUL))
-	vim_free(p);
+    vim_free(tofree);
 #endif
 
     prt_text_run += char_width;
--- a/src/version.c
+++ b/src/version.c
@@ -772,6 +772,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1503,
+/**/
     1502,
 /**/
     1501,