changeset 14784:0745e2cd4606 v8.1.0404

patch 8.1.0404: accessing invalid memory with long argument name commit https://github.com/vim/vim/commit/e961cba3cb8281c47f1dc2c2bc031b07504f17d4 Author: Bram Moolenaar <Bram@vim.org> Date: Tue Sep 18 21:51:47 2018 +0200 patch 8.1.0404: accessing invalid memory with long argument name Problem: Accessing invalid memory with long argument name. Solution: Use item_count instead of checking for a terminating NULL. (Dominique Pelle, closes #3444)
author Christian Brabandt <cb@256bit.org>
date Tue, 18 Sep 2018 22:00:09 +0200
parents 382b629454f5
children 7f365a30fe7c
files src/testdir/test_arglist.vim src/version.c
diffstat 2 files changed, 10 insertions(+), 1 deletions(-) [+]
--- a/src/testdir/test_arglist.vim
+++ b/src/testdir/test_arglist.vim
@@ -411,3 +411,10 @@ func Test_arg_all_expand()
   call assert_equal('notexist Xx\ x runtest.vim', expand('##'))
   call delete('Xx x')
 endfunc
+
+func Test_large_arg()
+  " Argument longer or equal to the number of columns used to cause
+  " access to invalid memory.
+  exe 'argadd ' .repeat('x', &columns)
+  args
+endfunc
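Review bot: Test_large_arg has no assertion, so it can only fail when the suite runs under a memory checker such as valgrind or AddressSanitizer; on a plain build the invalid read may pass silently. The comment should say so, for example `" No assert: relies on valgrind/ASan to report the invalid read.` The test also leaves the long name in the argument list, and a closing `%argdelete` would stop it leaking into later tests. The comment says "longer or equal", but only the equal case is exercised; a second `argadd` with `repeat('x', &columns + 1)` would cover the longer case.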
--- a/src/version.c
+++ b/src/version.c
@@ -795,6 +795,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    404,
+/**/
     403,
 /**/
     402,
@@ -1725,7 +1727,7 @@ list_in_columns(char_u **items, int size
     if (Columns < width)
     {
 	/* Not enough screen columns - show one per line */
-	for (i = 0; items[i] != NULL; ++i)
+	for (i = 0; i < item_count; ++i)
 	{
 	    version_msg_wrap(items[i], i == current);
 	    if (msg_col > 0)
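Review bot: The new bound `i < item_count` has no comment saying why the NULL sentinel is no longer trusted, so a later cleanup could reintroduce `items[i] != NULL`. The commit message implies the array is not guaranteed to end in NULL, so a line such as `/* items[] may not be NULL-terminated; use the counted length */` above the loop would record that. item_count is assigned outside this hunk, so confirm that it counts exactly the entries that are valid to read and can never exceed the array length. Any other loop in list_in_columns that still tests `items[i] != NULL` deserves the same check. The function starts and ends outside the hunk.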