Mercurial > vim

changeset 15924:98d315176d48 v8.1.0968

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.1.0968: crash when using search pattern %Ufffffc23 commit https://github.com/vim/vim/commit/527a2d86fb375fcc7b34e80fc47f4c7126fc12ba Author: Bram Moolenaar <Bram@vim.org> Date: Thu Feb 21 22:28:51 2019 +0100 patch 8.1.0968: crash when using search pattern \%Ufffffc23 Problem: Crash when using search pattern \%Ufffffc23. Solution: Limit character to INT_MAX. (closes https://github.com/vim/vim/issues/4009)
author Bram Moolenaar <Bram@vim.org>
date Thu, 21 Feb 2019 22:30:06 +0100
parents 5818bd3610d1
children 5e40c2b82a0f
files src/regexp_nfa.c src/testdir/test_search.vim src/version.c
diffstat 3 files changed, 12 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -1475,7 +1475,7 @@ nfa_regatom(void)
 			    default:  nr = -1; break;
 			}
 
-			if (nr < 0)
+			if (nr < 0 || nr > INT_MAX)
 			    EMSG2_RET_FAIL(
 			       _("E678: Invalid character after %s%%[dxouU]"),
 				    reg_magic == MAGIC_ALL);
--- a/src/testdir/test_search.vim
+++ b/src/testdir/test_search.vim
@@ -1211,3 +1211,12 @@ func Test_search_Ctrl_L_combining()
   call assert_equal(bufcontent[1], @/)
   call Incsearch_cleanup()
 endfunc
+
+func Test_large_hex_chars()
+  " This used to cause a crash, the character becomes an NFA state.
+  try
+    /\%Ufffffc23
+  catch
+    call assert_match('E678:', v:exception)
+  endtry
+endfunc
--- a/src/version.c
+++ b/src/version.c
@@ -780,6 +780,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    968,
+/**/
     967,
 /**/
     966,