Blob Blame History Raw
To: vim_dev@googlegroups.com
Subject: Patch 7.3.521
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 7.3.521
Problem:    Using "z=" on a multi-byte character may cause a crash.
Solution:   Don't use strlen() on an int pointer.
Files:	    src/spell.c


*** ../vim-7.3.520/src/spell.c	2012-01-10 22:26:12.000000000 +0100
--- src/spell.c	2012-05-18 18:01:58.000000000 +0200
***************
*** 14494,14506 ****
      int		p0 = -333;
      int		c0;
      int		did_white = FALSE;
  
      /*
       * Convert the multi-byte string to a wide-character string.
       * Remove accents, if wanted.  We actually remove all non-word characters.
       * But keep white space.
       */
!     n = 0;
      for (s = inword; *s != NUL; )
      {
  	t = s;
--- 14494,14508 ----
      int		p0 = -333;
      int		c0;
      int		did_white = FALSE;
+     int		wordlen;
+ 
  
      /*
       * Convert the multi-byte string to a wide-character string.
       * Remove accents, if wanted.  We actually remove all non-word characters.
       * But keep white space.
       */
!     wordlen = 0;
      for (s = inword; *s != NUL; )
      {
  	t = s;
***************
*** 14521,14532 ****
  		    continue;
  	    }
  	}
! 	word[n++] = c;
      }
!     word[n] = NUL;
  
      /*
!      * This comes from Aspell phonet.cpp.
       * Converted from C++ to C.  Added support for multi-byte chars.
       * Changed to keep spaces.
       */
--- 14523,14534 ----
  		    continue;
  	    }
  	}
! 	word[wordlen++] = c;
      }
!     word[wordlen] = NUL;
  
      /*
!      * This algorithm comes from Aspell phonet.cpp.
       * Converted from C++ to C.  Added support for multi-byte chars.
       * Changed to keep spaces.
       */
***************
*** 14711,14717 ****
  			    }
  			if (k > k0)
  			    mch_memmove(word + i + k0, word + i + k,
! 				    sizeof(int) * (STRLEN(word + i + k) + 1));
  
  			/* new "actual letter" */
  			c = word[i];
--- 14713,14719 ----
  			    }
  			if (k > k0)
  			    mch_memmove(word + i + k0, word + i + k,
! 				    sizeof(int) * (wordlen - (i + k) + 1));
  
  			/* new "actual letter" */
  			c = word[i];
***************
*** 14739,14745 ****
  			    if (c != NUL)
  				wres[reslen++] = c;
  			    mch_memmove(word, word + i + 1,
! 				    sizeof(int) * (STRLEN(word + i + 1) + 1));
  			    i = 0;
  			    z0 = 1;
  			}
--- 14741,14747 ----
  			    if (c != NUL)
  				wres[reslen++] = c;
  			    mch_memmove(word, word + i + 1,
! 				       sizeof(int) * (wordlen - (i + 1) + 1));
  			    i = 0;
  			    z0 = 1;
  			}
*** ../vim-7.3.520/src/version.c	2012-05-18 17:03:14.000000000 +0200
--- src/version.c	2012-05-18 18:06:29.000000000 +0200
***************
*** 716,717 ****
--- 716,719 ----
  {   /* Add new patch number below this line */
+ /**/
+     521,
  /**/

-- 
OLD WOMAN: King of the WHO?
ARTHUR:    The Britons.
OLD WOMAN: Who are the Britons?
                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///