To: vim_dev@googlegroups.com

Subject: Patch 7.3.146

Fcc: outbox

From: Bram Moolenaar <Bram@moolenaar.net>

Mime-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

------------

Patch 7.3.146

Problem:    It's possible to assign to a read-only member of a dict.

	    It's possible to create a global variable "0". (ZyX)

            It's possible to add a v: variable with ":let v:.name = 1".

Solution:   Add check for dict item being read-only.

	    Check the name of g: variables.

	    Disallow adding v: variables.

Files:	    src/eval.c

*** ../vim-7.3.145/src/eval.c	2011-02-01 13:48:47.000000000 +0100

--- src/eval.c	2011-03-27 15:56:44.000000000 +0200

***************

*** 789,794 ****

--- 789,796 ----

  static void set_var __ARGS((char_u *name, typval_T *varp, int copy));

  static int var_check_ro __ARGS((int flags, char_u *name));

  static int var_check_fixed __ARGS((int flags, char_u *name));

+ static int var_check_func_name __ARGS((char_u *name, int new_var));

+ static int valid_varname __ARGS((char_u *varname));

  static int tv_check_lock __ARGS((int lock, char_u *name));

  static int item_copy __ARGS((typval_T *from, typval_T *to, int deep, int copyID));

  static char_u *find_option_end __ARGS((char_u **arg, int *opt_flags));

***************

*** 2716,2723 ****

--- 2718,2744 ----

  	    lp->ll_list = NULL;

  	    lp->ll_dict = lp->ll_tv->vval.v_dict;

  	    lp->ll_di = dict_find(lp->ll_dict, key, len);

+ 

+ 	    /* When assigning to g: check that a function and variable name is

+ 	     * valid. */

+ 	    if (rettv != NULL && lp->ll_dict == &globvardict)

+ 	    {

+ 		if (rettv->v_type == VAR_FUNC

+ 			       && var_check_func_name(key, lp->ll_di == NULL))

+ 		    return NULL;

+ 		if (!valid_varname(key))

+ 		    return NULL;

+ 	    }

+ 

  	    if (lp->ll_di == NULL)

  	    {

+ 		/* Can't add "v:" variable. */

+ 		if (lp->ll_dict == &vimvardict)

+ 		{

+ 		    EMSG2(_(e_illvar), name);

+ 		    return NULL;

+ 		}

+ 

  		/* Key does not exist in dict: may need to add it. */

  		if (*p == '[' || *p == '.' || unlet)

  		{

***************

*** 2737,2742 ****

--- 2758,2767 ----

  		    p = NULL;

  		break;

  	    }

+ 	    /* existing variable, need to check if it can be changed */

+ 	    else if (var_check_ro(lp->ll_di->di_flags, name))

+ 		return NULL;

+ 

  	    if (len == -1)

  		clear_tv(&var1;;

  	    lp->ll_tv = &lp->ll_di->di_tv;

***************

*** 19786,19792 ****

      dictitem_T	*v;

      char_u	*varname;

      hashtab_T	*ht;

-     char_u	*p;

      ht = find_var_ht(name, &varname);

      if (ht == NULL || *varname == NUL)

--- 19811,19816 ----

***************

*** 19796,19820 ****

      }

      v = find_var_in_ht(ht, varname, TRUE);

!     if (tv->v_type == VAR_FUNC)

!     {

! 	if (!(vim_strchr((char_u *)"wbs", name[0]) != NULL && name[1] == ':')

! 		&& !ASCII_ISUPPER((name[0] != NUL && name[1] == ':')

! 							 ? name[2] : name[0]))

! 	{

! 	    EMSG2(_("E704: Funcref variable name must start with a capital: %s"), name);

! 	    return;

! 	}

! 	/* Don't allow hiding a function.  When "v" is not NULL we might be

! 	 * assigning another function to the same var, the type is checked

! 	 * below. */

! 	if (v == NULL && function_exists(name))

! 	{

! 	    EMSG2(_("E705: Variable name conflicts with existing function: %s"),

! 									name);

! 	    return;

! 	}

!     }

      if (v != NULL)

      {

--- 19820,19827 ----

      }

      v = find_var_in_ht(ht, varname, TRUE);

!     if (tv->v_type == VAR_FUNC && var_check_func_name(name, v == NULL))

! 	return;

      if (v != NULL)

      {

***************

*** 19880,19892 ****

  	}

  	/* Make sure the variable name is valid. */

! 	for (p = varname; *p != NUL; ++p)

! 	    if (!eval_isnamec1(*p) && (p == varname || !VIM_ISDIGIT(*p))

! 						       && *p != AUTOLOAD_CHAR)

! 	    {

! 		EMSG2(_(e_illvar), varname);

! 		return;

! 	    }

  	v = (dictitem_T *)alloc((unsigned)(sizeof(dictitem_T)

  							  + STRLEN(varname)));

--- 19887,19894 ----

  	}

  	/* Make sure the variable name is valid. */

! 	if (!valid_varname(varname))

! 	    return;

  	v = (dictitem_T *)alloc((unsigned)(sizeof(dictitem_T)

  							  + STRLEN(varname)));

***************

*** 19951,19956 ****

--- 19953,20007 ----

  }

  /*

+  * Check if a funcref is assigned to a valid variable name.

+  * Return TRUE and give an error if not.

+  */

+     static int

+ var_check_func_name(name, new_var)

+     char_u *name;    /* points to start of variable name */

+     int    new_var;  /* TRUE when creating the variable */

+ {

+     if (!(vim_strchr((char_u *)"wbs", name[0]) != NULL && name[1] == ':')

+ 	    && !ASCII_ISUPPER((name[0] != NUL && name[1] == ':')

+ 						     ? name[2] : name[0]))

+     {

+ 	EMSG2(_("E704: Funcref variable name must start with a capital: %s"),

+ 									name);

+ 	return TRUE;

+     }

+     /* Don't allow hiding a function.  When "v" is not NULL we might be

+      * assigning another function to the same var, the type is checked

+      * below. */

+     if (new_var && function_exists(name))

+     {

+ 	EMSG2(_("E705: Variable name conflicts with existing function: %s"),

+ 								    name);

+ 	return TRUE;

+     }

+     return FALSE;

+ }

+ 

+ /*

+  * Check if a variable name is valid.

+  * Return FALSE and give an error if not.

+  */

+     static int

+ valid_varname(varname)

+     char_u *varname;

+ {

+     char_u *p;

+ 

+     for (p = varname; *p != NUL; ++p)

+ 	if (!eval_isnamec1(*p) && (p == varname || !VIM_ISDIGIT(*p))

+ 						   && *p != AUTOLOAD_CHAR)

+ 	{

+ 	    EMSG2(_(e_illvar), varname);

+ 	    return FALSE;

+ 	}

+     return TRUE;

+ }

+ 

+ /*

   * Return TRUE if typeval "tv" is set to be locked (immutable).

   * Also give an error message, using "name".

   */

*** ../vim-7.3.145/src/version.c	2011-03-26 18:32:00.000000000 +0100

--- src/version.c	2011-03-27 16:01:03.000000000 +0200

***************

*** 716,717 ****

--- 716,719 ----

  {   /* Add new patch number below this line */

+ /**/

+     146,

  /**/

-- 

ARTHUR: It is I, Arthur, son of Uther Pendragon, from the castle of Camelot.

        King of all Britons, defeator of the Saxons, sovereign of all England!

   [Pause]

SOLDIER: Get away!

                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\

///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\

\\\  an exciting new programming language -- http://www.Zimbu.org        ///

 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///