To:
[email protected]
Subject: Patch 7.2a.010
Fcc: outbox
From: Bram Moolenaar <
[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------
Patch 7.2a.010
Problem: When a file name has an illegal byte sequence Vim may read
uninitialised memory.
Solution: Don't use UTF_COMPOSINGLIKE() on an illegal byte. In
msg_outtrans_len_attr() use char2cells() instead of ptr2cells().
In utf_ptr2char() don't check second byte when first byte is
illegal. (Dominique Pelle)
Files: src/mbyte.c, src/message.c
*** ../vim-7.2a.009/src/mbyte.c Tue Jun 24 23:15:45 2008
--- src/mbyte.c Sun Jun 29 16:00:54 2008
***************
*** 1387,1393 ****
return p[0];
len = utf8len_tab[p[0]];
! if ((p[1] & 0xc0) == 0x80)
{
if (len == 2)
return ((p[0] & 0x1f) << 6) + (p[1] & 0x3f);
--- 1387,1393 ----
return p[0];
len = utf8len_tab[p[0]];
! if (len > 1 && (p[1] & 0xc0) == 0x80)
{
if (len == 2)
return ((p[0] & 0x1f) << 6) + (p[1] & 0x3f);
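Review bot: The added `len > 1` test in the changed condition has no comment, and its purpose is not obvious from the line itself. Going by the patch description, a length of 1 at this point means the first byte is an illegal lead byte, so `p[1]` must not be examined because it may lie outside the caller's buffer. I would put `/* illegal lead byte: don't look at p[1], it may be past the end of the buffer */` above the `if`. The contents of utf8len_tab and the rest of the function are outside this hunk, so that reading of `len == 1` should be confirmed there.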
***************
*** 1753,1766 ****
#endif
while (len < size)
{
! if (p[len] < 0x80 || !UTF_COMPOSINGLIKE(p + prevlen, p + len))
break;
/* Skip over composing char */
#ifdef FEAT_ARABIC
prevlen = len;
#endif
! len += utf_ptr2len_len(p + len, size - len);
}
return len;
}
--- 1753,1779 ----
#endif
while (len < size)
{
! int len_next_char;
!
! if (p[len] < 0x80)
! break;
!
! /*
! * Next character length should not go beyond size to ensure that
! * UTF_COMPOSINGLIKE(...) does not read beyond size.
! */
! len_next_char = utf_ptr2len_len(p + len, size - len);
! if (len_next_char > size - len)
! break;
!
! if (!UTF_COMPOSINGLIKE(p + prevlen, p + len))
break;
/* Skip over composing char */
#ifdef FEAT_ARABIC
prevlen = len;
#endif
! len += len_next_char;
}
return len;
}
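Review bot: The new `len_next_char > size - len` test stops the loop only for a sequence that runs past `size`. A byte for which utf_ptr2len_len() reports length 1 still reaches `UTF_COMPOSINGLIKE(p + prevlen, p + len)`, although the description says the macro is not used on an illegal byte. If the macro decodes `p + len` through utf_ptr2char() (not visible here), that case is bounded only by the `len > 1` guard this patch adds in the first mbyte.c hunk. The comment above the check should record this, for example by adding `* An illegal byte has length 1 and is left to utf_ptr2char() to reject.`, and should state that the check relies on utf_ptr2len_len() returning more than the remaining size for an incomplete sequence. The function starts outside the hunk.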
*** ../vim-7.2a.009/src/message.c Sat Jun 28 16:09:31 2008
--- src/message.c Sun Jun 29 15:57:17 2008
***************
*** 1391,1397 ****
plain_start = str + 1;
msg_puts_attr(s, attr == 0 ? hl_attr(HLF_8) : attr);
}
! retval += ptr2cells(str);
++str;
}
}
--- 1391,1397 ----
plain_start = str + 1;
msg_puts_attr(s, attr == 0 ? hl_attr(HLF_8) : attr);
}
! retval += char2cells(*str);
++str;
}
}
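Review bot: The switch from `ptr2cells(str)` to `char2cells(*str)` deserves a one-line comment, since the two calls look interchangeable to a later reader. The following `++str` advances a single byte, so the width added to `retval` should be that of one byte as well, and the description presumably ties ptr2cells() on an illegal sequence to the uninitialised read. Suggested: `/* byte-wise here: ptr2cells() would decode from str and may look beyond the string */`. The declaration of `str` is outside the hunk; if it is a plain `char *` rather than an unsigned byte pointer, `*str` would be sign-extended for bytes above 0x7f and should be cast before the call.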
*** ../vim-7.2a.009/src/version.c Sun Jun 29 13:59:48 2008
--- src/version.c Sun Jun 29 16:12:49 2008
***************
*** 678,679 ****
--- 678,681 ----
{ /* Add new patch number below this line */
+ /**/
+ 10,
/**/
--
hundred-and-one symptoms of being an internet addict:
118. You are on a first-name basis with your ISP's staff.
/// Bram Moolenaar --
[email protected] --
http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features --
http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute --
http://www.A-A-P.org ///
\\\ help me help AIDS victims --
http://ICCF-Holland.org ///