To: vim-dev@vim.org
Subject: Patch 7.2.406
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------
Patch 7.2.406
Problem: Patch 7.2.119 introduces uninit mem read. (Dominique Pelle)
Solution: Only used ScreeenLinesC when ScreeenLinesUC is not zero. (Yukihiro
Nakadaira) Also clear ScreeenLinesC when allocating.
Files: src/screen.c
*** ../vim-7.2.405/src/screen.c 2010-03-23 13:56:53.000000000 +0100
--- src/screen.c 2010-03-23 15:26:44.000000000 +0100
***************
*** 25,34 ****
* one character which occupies two display cells.
* For UTF-8 a multi-byte character is converted to Unicode and stored in
* ScreenLinesUC[]. ScreenLines[] contains the first byte only. For an ASCII
! * character without composing chars ScreenLinesUC[] will be 0. When the
! * character occupies two display cells the next byte in ScreenLines[] is 0.
* ScreenLinesC[][] contain up to 'maxcombine' composing characters
! * (drawn on top of the first character). They are 0 when not used.
* ScreenLines2[] is only used for euc-jp to store the second byte if the
* first byte is 0x8e (single-width character).
*
--- 25,35 ----
* one character which occupies two display cells.
* For UTF-8 a multi-byte character is converted to Unicode and stored in
* ScreenLinesUC[]. ScreenLines[] contains the first byte only. For an ASCII
! * character without composing chars ScreenLinesUC[] will be 0 and
! * ScreenLinesC[][] is not used. When the character occupies two display
! * cells the next byte in ScreenLines[] is 0.
* ScreenLinesC[][] contain up to 'maxcombine' composing characters
! * (drawn on top of the first character). There is 0 after the last one used.
* ScreenLines2[] is only used for euc-jp to store the second byte if the
* first byte is 0x8e (single-width character).
*
***************
*** 4893,4898 ****
--- 4894,4900 ----
/*
* Return if the composing characters at "off_from" and "off_to" differ.
+ * Only to be used when ScreenLinesUC[off_from] != 0.
*/
static int
comp_char_differs(off_from, off_to)
***************
*** 6281,6286 ****
--- 6283,6289 ----
/*
* Return TRUE if composing characters for screen posn "off" differs from
* composing characters in "u8cc".
+ * Only to be used when ScreenLinesUC[off] != 0.
*/
static int
screen_comp_differs(off, u8cc)
***************
*** 6461,6468 ****
&& c == 0x8e
&& ScreenLines2[off] != ptr[1])
|| (enc_utf8
! && (ScreenLinesUC[off] != (u8char_T)(c >= 0x80 ? u8c : 0)
! || screen_comp_differs(off, u8cc)))
#endif
|| ScreenAttrs[off] != attr
|| exmode_active;
--- 6464,6473 ----
&& c == 0x8e
&& ScreenLines2[off] != ptr[1])
|| (enc_utf8
! && (ScreenLinesUC[off] !=
! (u8char_T)(c < 0x80 && u8cc[0] == 0 ? 0 : u8c)
! || (ScreenLinesUC[off] != 0
! && screen_comp_differs(off, u8cc))))
#endif
|| ScreenAttrs[off] != attr
|| exmode_active;
***************
*** 7542,7548 ****
new_ScreenLinesUC = (u8char_T *)lalloc((long_u)(
(Rows + 1) * Columns * sizeof(u8char_T)), FALSE);
for (i = 0; i < p_mco; ++i)
! new_ScreenLinesC[i] = (u8char_T *)lalloc((long_u)(
(Rows + 1) * Columns * sizeof(u8char_T)), FALSE);
}
if (enc_dbcs == DBCS_JPNU)
--- 7547,7553 ----
new_ScreenLinesUC = (u8char_T *)lalloc((long_u)(
(Rows + 1) * Columns * sizeof(u8char_T)), FALSE);
for (i = 0; i < p_mco; ++i)
! new_ScreenLinesC[i] = (u8char_T *)lalloc_clear((long_u)(
(Rows + 1) * Columns * sizeof(u8char_T)), FALSE);
}
if (enc_dbcs == DBCS_JPNU)
*** ../vim-7.2.405/src/version.c 2010-03-23 14:39:07.000000000 +0100
--- src/version.c 2010-03-23 15:34:11.000000000 +0100
***************
*** 683,684 ****
--- 683,686 ----
{ /* Add new patch number below this line */
+ /**/
+ 406,
/**/
--
VOICE OVER: As the horrendous Black Beast lunged forward, escape for Arthur
and his knights seemed hopeless, when, suddenly ... the animator
suffered a fatal heart attack.
ANIMATOR: Aaaaagh!
VOICE OVER: The cartoon peril was no more ... The Quest for Holy Grail could
continue.
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///