To: vim_dev@googlegroups.com
Subject: Patch 7.3.664
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------
Patch 7.3.664
Problem:    Buffer overflow in unescaping text. (Raymond Ko)
Solution:   Limit check for multi-byte character to 4 bytes.
Files:	    src/mbyte.c
*** ../vim-7.3.663/src/mbyte.c	2012-06-01 17:46:52.000000000 +0200
--- src/mbyte.c	2012-09-18 17:53:05.000000000 +0200
***************
*** 3793,3805 ****
  mb_unescape(pp)
      char_u **pp;
  {
!     static char_u	buf[MB_MAXBYTES + 1];
!     int			n, m = 0;
      char_u		*str = *pp;
  
      /* Must translate K_SPECIAL KS_SPECIAL KE_FILLER to K_SPECIAL and CSI
!      * KS_EXTRA KE_CSI to CSI. */
!     for (n = 0; str[n] != NUL && m <= MB_MAXBYTES; ++n)
      {
  	if (str[n] == K_SPECIAL
  		&& str[n + 1] == KS_SPECIAL
--- 3793,3807 ----
  mb_unescape(pp)
      char_u **pp;
  {
!     static char_u	buf[6];
!     int			n;
!     int			m = 0;
      char_u		*str = *pp;
  
      /* Must translate K_SPECIAL KS_SPECIAL KE_FILLER to K_SPECIAL and CSI
!      * KS_EXTRA KE_CSI to CSI.
!      * Maximum length of a utf-8 character is 4 bytes. */
!     for (n = 0; str[n] != NUL && m < 4; ++n)
      {
  	if (str[n] == K_SPECIAL
  		&& str[n + 1] == KS_SPECIAL
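Review bot: The new loop bound `m < 4` and the buffer size in `static char_u	buf[6];` are two unrelated literals, so nothing in the declaration shows that the buffer covers every index the loop can write. The loop body lies mostly outside this hunk, but if it stores one byte per pass and then a terminating NUL, as the old `MB_MAXBYTES + 1` sizing suggests, the highest index written is 4. Deriving both from one named constant would keep them in step, for example a new `#define MB_UNESCAPE_MAXLEN 4` used as `static char_u buf[MB_UNESCAPE_MAXLEN + 1];` and `m < MB_UNESCAPE_MAXLEN` (the name is only a suggestion). The added comment justifies the limit for UTF-8 alone, whereas the old bound was `MB_MAXBYTES`; a sentence on why 4 bytes is enough for whatever else this function has to unescape would make the reduced limit easier to audit.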
***************
*** 3836,3841 ****
--- 3838,3847 ----
  	    *pp = str + n + 1;
  	    return buf;
  	}
+ 
+ 	/* Bail out quickly for ASCII. */
+ 	if (buf[0] < 128)
+ 	    break;
      }
      return NULL;
  }
*** ../vim-7.3.663/src/version.c	2012-09-18 16:47:00.000000000 +0200
--- src/version.c	2012-09-18 18:01:14.000000000 +0200
***************
*** 721,722 ****
--- 721,724 ----
  {   /* Add new patch number below this line */
+ /**/
+     664,
  /**/
-- 
There are three kinds of people: Those who can count & those who can't.
 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///