Blob Blame History Raw
To: vim-dev@vim.org
Subject: patch 7.1.074
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------

Patch 7.1.074
Problem:    Crash when calling string() on a recurively nested List.
Solution:   Check result value for being NULL. (Yukihiro Nakadaira)
Files:	    src/eval.c


*** ../vim-7.1.073/src/eval.c	Mon Aug  6 22:27:12 2007
--- src/eval.c	Tue Aug 14 22:01:12 2007
***************
*** 6802,6808 ****
   * "numbuf" is used for a number.
   * Does not put quotes around strings, as ":echo" displays values.
   * When "copyID" is not NULL replace recursive lists and dicts with "...".
!  * May return NULL;
   */
      static char_u *
  echo_string(tv, tofree, numbuf, copyID)
--- 6802,6808 ----
   * "numbuf" is used for a number.
   * Does not put quotes around strings, as ":echo" displays values.
   * When "copyID" is not NULL replace recursive lists and dicts with "...".
!  * May return NULL.
   */
      static char_u *
  echo_string(tv, tofree, numbuf, copyID)
***************
*** 6887,6893 ****
   * If the memory is allocated "tofree" is set to it, otherwise NULL.
   * "numbuf" is used for a number.
   * Puts quotes around strings, so that they can be parsed back by eval().
!  * May return NULL;
   */
      static char_u *
  tv2string(tv, tofree, numbuf, copyID)
--- 6887,6893 ----
   * If the memory is allocated "tofree" is set to it, otherwise NULL.
   * "numbuf" is used for a number.
   * Puts quotes around strings, so that they can be parsed back by eval().
!  * May return NULL.
   */
      static char_u *
  tv2string(tv, tofree, numbuf, copyID)
***************
*** 14974,14979 ****
--- 14974,14983 ----
  
      p1 = tv2string(&(*(listitem_T **)s1)->li_tv, &tofree1, numbuf1, 0);
      p2 = tv2string(&(*(listitem_T **)s2)->li_tv, &tofree2, numbuf2, 0);
+     if (p1 == NULL)
+ 	p1 = (char_u *)"";
+     if (p2 == NULL)
+ 	p2 = (char_u *)"";
      if (item_compare_ic)
  	res = STRICMP(p1, p2);
      else
***************
*** 15463,15469 ****
  
      rettv->v_type = VAR_STRING;
      rettv->vval.v_string = tv2string(&argvars[0], &tofree, numbuf, 0);
!     if (tofree == NULL)
  	rettv->vval.v_string = vim_strsave(rettv->vval.v_string);
  }
  
--- 15467,15474 ----
  
      rettv->v_type = VAR_STRING;
      rettv->vval.v_string = tv2string(&argvars[0], &tofree, numbuf, 0);
!     /* Make a copy if we have a value but it's not in allocate memory. */
!     if (rettv->vval.v_string != NULL && tofree == NULL)
  	rettv->vval.v_string = vim_strsave(rettv->vval.v_string);
  }
  
***************
*** 20167,20172 ****
--- 20174,20180 ----
  		char_u	buf[MSG_BUF_LEN];
  		char_u	numbuf2[NUMBUFLEN];
  		char_u	*tofree;
+ 		char_u	*s;
  
  		msg_puts((char_u *)"(");
  		for (i = 0; i < argcount; ++i)
***************
*** 20177,20186 ****
  			msg_outnum((long)argvars[i].vval.v_number);
  		    else
  		    {
! 			trunc_string(tv2string(&argvars[i], &tofree,
! 					      numbuf2, 0), buf, MSG_BUF_CLEN);
! 			msg_puts(buf);
! 			vim_free(tofree);
  		    }
  		}
  		msg_puts((char_u *)")");
--- 20185,20197 ----
  			msg_outnum((long)argvars[i].vval.v_number);
  		    else
  		    {
! 			s = tv2string(&argvars[i], &tofree, numbuf2, 0);
! 			if (s != NULL)
! 			{
! 			    trunc_string(s, buf, MSG_BUF_CLEN);
! 			    msg_puts(buf);
! 			    vim_free(tofree);
! 			}
  		    }
  		}
  		msg_puts((char_u *)")");
***************
*** 20258,20271 ****
  	    char_u	buf[MSG_BUF_LEN];
  	    char_u	numbuf2[NUMBUFLEN];
  	    char_u	*tofree;
  
  	    /* The value may be very long.  Skip the middle part, so that we
  	     * have some idea how it starts and ends. smsg() would always
  	     * truncate it at the end. */
! 	    trunc_string(tv2string(fc.rettv, &tofree, numbuf2, 0),
! 							   buf, MSG_BUF_CLEN);
! 	    smsg((char_u *)_("%s returning %s"), sourcing_name, buf);
! 	    vim_free(tofree);
  	}
  	msg_puts((char_u *)"\n");   /* don't overwrite this either */
  
--- 20269,20286 ----
  	    char_u	buf[MSG_BUF_LEN];
  	    char_u	numbuf2[NUMBUFLEN];
  	    char_u	*tofree;
+ 	    char_u	*s;
  
  	    /* The value may be very long.  Skip the middle part, so that we
  	     * have some idea how it starts and ends. smsg() would always
  	     * truncate it at the end. */
! 	    s = tv2string(fc.rettv, &tofree, numbuf2, 0);
! 	    if (s != NULL)
! 	    {
! 		trunc_string(s, buf, MSG_BUF_CLEN);
! 		smsg((char_u *)_("%s returning %s"), sourcing_name, buf);
! 		vim_free(tofree);
! 	    }
  	}
  	msg_puts((char_u *)"\n");   /* don't overwrite this either */
  
*** ../vim-7.1.073/src/version.c	Tue Aug 14 22:15:53 2007
--- src/version.c	Tue Aug 14 22:27:24 2007
***************
*** 668,669 ****
--- 668,671 ----
  {   /* Add new patch number below this line */
+ /**/
+     74,
  /**/

-- 
hundred-and-one symptoms of being an internet addict:
159. You get excited whenever discussing your hard drive.

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///