To: vim-dev@vim.org

Subject: patch 7.1.054

Fcc: outbox

From: Bram Moolenaar <Bram@moolenaar.net>

Mime-Version: 1.0

Content-Type: text/plain; charset=ISO-8859-1

Content-Transfer-Encoding: 8bit

------------

Patch 7.1.054

Problem:    Accessing uninitialized memory when displaying the fold column.

Solution:   Add a NUL to the extra array. (Dominique Pelle).  Also do this in

	    a couple of other situations.

Files:	    src/screen.c

*** ../vim-7.1.053/src/screen.c	Mon Jul 30 21:59:50 2007

--- src/screen.c	Sun Aug  5 16:10:53 2007

***************

*** 2555,2561 ****

      char_u	extra[18];		/* "%ld" and 'fdc' must fit in here */

      int		n_extra = 0;		/* number of extra chars */

!     char_u	*p_extra = NULL;	/* string of extra chars */

      int		c_extra = NUL;		/* extra chars, all the same */

      int		extra_attr = 0;		/* attributes when n_extra != 0 */

      static char_u *at_end_str = (char_u *)""; /* used for p_extra when

--- 2555,2561 ----

      char_u	extra[18];		/* "%ld" and 'fdc' must fit in here */

      int		n_extra = 0;		/* number of extra chars */

!     char_u	*p_extra = NULL;	/* string of extra chars, plus NUL */

      int		c_extra = NUL;		/* extra chars, all the same */

      int		extra_attr = 0;		/* attributes when n_extra != 0 */

      static char_u *at_end_str = (char_u *)""; /* used for p_extra when

***************

*** 3189,3198 ****

  		if (cmdwin_type != 0 && wp == curwin)

  		{

  		    /* Draw the cmdline character. */

- 		    *extra = cmdwin_type;

  		    n_extra = 1;

! 		    p_extra = extra;

! 		    c_extra = NUL;

  		    char_attr = hl_attr(HLF_AT);

  		}

  	    }

--- 3189,3196 ----

  		if (cmdwin_type != 0 && wp == curwin)

  		{

  		    /* Draw the cmdline character. */

  		    n_extra = 1;

! 		    c_extra = cmdwin_type;

  		    char_attr = hl_attr(HLF_AT);

  		}

  	    }

***************

*** 3208,3213 ****

--- 3206,3212 ----

  		    fill_foldcolumn(extra, wp, FALSE, lnum);

  		    n_extra = wp->w_p_fdc;

  		    p_extra = extra;

+ 		    p_extra[n_extra] = NUL;

  		    c_extra = NUL;

  		    char_attr = hl_attr(HLF_FC);

  		}

***************

*** 3550,3558 ****

  	 * Get the next character to put on the screen.

  	 */

  	/*

! 	 * The 'extra' array contains the extra stuff that is inserted to

! 	 * represent special characters (non-printable stuff).  When all

! 	 * characters are the same, c_extra is used.

  	 * For the '$' of the 'list' option, n_extra == 1, p_extra == "".

  	 */

  	if (n_extra > 0)

--- 3549,3559 ----

  	 * Get the next character to put on the screen.

  	 */

  	/*

! 	 * The "p_extra" points to the extra stuff that is inserted to

! 	 * represent special characters (non-printable stuff) and other

! 	 * things.  When all characters are the same, c_extra is used.

! 	 * "p_extra" must end in a NUL to avoid mb_ptr2len() reads past

! 	 * "p_extra[n_extra]".

  	 * For the '$' of the 'list' option, n_extra == 1, p_extra == "".

  	 */

  	if (n_extra > 0)

***************

*** 3808,3817 ****

  		 * a '<' in the first column. */

  		if (n_skip > 0 && mb_l > 1)

  		{

- 		    extra[0] = '<';

- 		    p_extra = extra;

  		    n_extra = 1;

! 		    c_extra = NUL;

  		    c = ' ';

  		    if (area_attr == 0 && search_attr == 0)

  		    {

--- 3809,3816 ----

  		 * a '<' in the first column. */

  		if (n_skip > 0 && mb_l > 1)

  		{

  		    n_extra = 1;

! 		    c_extra = '<';

  		    c = ' ';

  		    if (area_attr == 0 && search_attr == 0)

  		    {

***************

*** 6204,6211 ****

  	return;

      off = LineOffset[row] + col;

!     while (*ptr != NUL && col < screen_Columns

! 				      && (len < 0 || (int)(ptr - text) < len))

      {

  	c = *ptr;

  #ifdef FEAT_MBYTE

--- 6203,6211 ----

  	return;

      off = LineOffset[row] + col;

!     while (col < screen_Columns

! 	    && (len < 0 || (int)(ptr - text) < len)

! 	    && *ptr != NUL)

      {

  	c = *ptr;

  #ifdef FEAT_MBYTE

*** ../vim-7.1.053/src/version.c	Sun Aug  5 19:20:04 2007

--- src/version.c	Sun Aug  5 20:07:47 2007

***************

*** 668,669 ****

--- 668,671 ----

  {   /* Add new patch number below this line */

+ /**/

+     54,

  /**/

-- 

From "know your smileys":

 +<(:-) The Pope

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\

///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\

\\\        download, build and distribute -- http://www.A-A-P.org        ///

 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///