To: vim-dev@vim.org
Subject: patch 7.1.054
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------
Patch 7.1.054
Problem: Accessing uninitialized memory when displaying the fold column.
Solution: Add a NUL to the extra array. (Dominique Pelle). Also do this in
a couple of other situations.
Files: src/screen.c
*** ../vim-7.1.053/src/screen.c Mon Jul 30 21:59:50 2007
--- src/screen.c Sun Aug 5 16:10:53 2007
***************
*** 2555,2561 ****
char_u extra[18]; /* "%ld" and 'fdc' must fit in here */
int n_extra = 0; /* number of extra chars */
! char_u *p_extra = NULL; /* string of extra chars */
int c_extra = NUL; /* extra chars, all the same */
int extra_attr = 0; /* attributes when n_extra != 0 */
static char_u *at_end_str = (char_u *)""; /* used for p_extra when
--- 2555,2561 ----
char_u extra[18]; /* "%ld" and 'fdc' must fit in here */
int n_extra = 0; /* number of extra chars */
! char_u *p_extra = NULL; /* string of extra chars, plus NUL */
int c_extra = NUL; /* extra chars, all the same */
int extra_attr = 0; /* attributes when n_extra != 0 */
static char_u *at_end_str = (char_u *)""; /* used for p_extra when
***************
*** 3189,3198 ****
if (cmdwin_type != 0 && wp == curwin)
{
/* Draw the cmdline character. */
- *extra = cmdwin_type;
n_extra = 1;
! p_extra = extra;
! c_extra = NUL;
char_attr = hl_attr(HLF_AT);
}
}
--- 3189,3196 ----
if (cmdwin_type != 0 && wp == curwin)
{
/* Draw the cmdline character. */
n_extra = 1;
! c_extra = cmdwin_type;
char_attr = hl_attr(HLF_AT);
}
}
***************
*** 3208,3213 ****
--- 3206,3212 ----
fill_foldcolumn(extra, wp, FALSE, lnum);
n_extra = wp->w_p_fdc;
p_extra = extra;
+ p_extra[n_extra] = NUL;
c_extra = NUL;
char_attr = hl_attr(HLF_FC);
}
***************
*** 3550,3558 ****
* Get the next character to put on the screen.
*/
/*
! * The 'extra' array contains the extra stuff that is inserted to
! * represent special characters (non-printable stuff). When all
! * characters are the same, c_extra is used.
* For the '$' of the 'list' option, n_extra == 1, p_extra == "".
*/
if (n_extra > 0)
--- 3549,3559 ----
* Get the next character to put on the screen.
*/
/*
! * The "p_extra" points to the extra stuff that is inserted to
! * represent special characters (non-printable stuff) and other
! * things. When all characters are the same, c_extra is used.
! * "p_extra" must end in a NUL to avoid mb_ptr2len() reads past
! * "p_extra[n_extra]".
* For the '$' of the 'list' option, n_extra == 1, p_extra == "".
*/
if (n_extra > 0)
***************
*** 3808,3817 ****
* a '<' in the first column. */
if (n_skip > 0 && mb_l > 1)
{
- extra[0] = '<';
- p_extra = extra;
n_extra = 1;
! c_extra = NUL;
c = ' ';
if (area_attr == 0 && search_attr == 0)
{
--- 3809,3816 ----
* a '<' in the first column. */
if (n_skip > 0 && mb_l > 1)
{
n_extra = 1;
! c_extra = '<';
c = ' ';
if (area_attr == 0 && search_attr == 0)
{
***************
*** 6204,6211 ****
return;
off = LineOffset[row] + col;
! while (*ptr != NUL && col < screen_Columns
! && (len < 0 || (int)(ptr - text) < len))
{
c = *ptr;
#ifdef FEAT_MBYTE
--- 6203,6211 ----
return;
off = LineOffset[row] + col;
! while (col < screen_Columns
! && (len < 0 || (int)(ptr - text) < len)
! && *ptr != NUL)
{
c = *ptr;
#ifdef FEAT_MBYTE
*** ../vim-7.1.053/src/version.c Sun Aug 5 19:20:04 2007
--- src/version.c Sun Aug 5 20:07:47 2007
***************
*** 668,669 ****
--- 668,671 ----
{ /* Add new patch number below this line */
+ /**/
+ 54,
/**/
--
From "know your smileys":
+<(:-) The Pope
/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///