Blob Blame History Raw
To: vim-dev@vim.org
Subject: patch 7.1.054
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------

Patch 7.1.054
Problem:    Accessing uninitialized memory when displaying the fold column.
Solution:   Add a NUL to the extra array. (Dominique Pelle).  Also do this in
	    a couple of other situations.
Files:	    src/screen.c


*** ../vim-7.1.053/src/screen.c	Mon Jul 30 21:59:50 2007
--- src/screen.c	Sun Aug  5 16:10:53 2007
***************
*** 2555,2561 ****
  
      char_u	extra[18];		/* "%ld" and 'fdc' must fit in here */
      int		n_extra = 0;		/* number of extra chars */
!     char_u	*p_extra = NULL;	/* string of extra chars */
      int		c_extra = NUL;		/* extra chars, all the same */
      int		extra_attr = 0;		/* attributes when n_extra != 0 */
      static char_u *at_end_str = (char_u *)""; /* used for p_extra when
--- 2555,2561 ----
  
      char_u	extra[18];		/* "%ld" and 'fdc' must fit in here */
      int		n_extra = 0;		/* number of extra chars */
!     char_u	*p_extra = NULL;	/* string of extra chars, plus NUL */
      int		c_extra = NUL;		/* extra chars, all the same */
      int		extra_attr = 0;		/* attributes when n_extra != 0 */
      static char_u *at_end_str = (char_u *)""; /* used for p_extra when
***************
*** 3189,3198 ****
  		if (cmdwin_type != 0 && wp == curwin)
  		{
  		    /* Draw the cmdline character. */
- 		    *extra = cmdwin_type;
  		    n_extra = 1;
! 		    p_extra = extra;
! 		    c_extra = NUL;
  		    char_attr = hl_attr(HLF_AT);
  		}
  	    }
--- 3189,3196 ----
  		if (cmdwin_type != 0 && wp == curwin)
  		{
  		    /* Draw the cmdline character. */
  		    n_extra = 1;
! 		    c_extra = cmdwin_type;
  		    char_attr = hl_attr(HLF_AT);
  		}
  	    }
***************
*** 3208,3213 ****
--- 3206,3212 ----
  		    fill_foldcolumn(extra, wp, FALSE, lnum);
  		    n_extra = wp->w_p_fdc;
  		    p_extra = extra;
+ 		    p_extra[n_extra] = NUL;
  		    c_extra = NUL;
  		    char_attr = hl_attr(HLF_FC);
  		}
***************
*** 3550,3558 ****
  	 * Get the next character to put on the screen.
  	 */
  	/*
! 	 * The 'extra' array contains the extra stuff that is inserted to
! 	 * represent special characters (non-printable stuff).  When all
! 	 * characters are the same, c_extra is used.
  	 * For the '$' of the 'list' option, n_extra == 1, p_extra == "".
  	 */
  	if (n_extra > 0)
--- 3549,3559 ----
  	 * Get the next character to put on the screen.
  	 */
  	/*
! 	 * The "p_extra" points to the extra stuff that is inserted to
! 	 * represent special characters (non-printable stuff) and other
! 	 * things.  When all characters are the same, c_extra is used.
! 	 * "p_extra" must end in a NUL to avoid mb_ptr2len() reads past
! 	 * "p_extra[n_extra]".
  	 * For the '$' of the 'list' option, n_extra == 1, p_extra == "".
  	 */
  	if (n_extra > 0)
***************
*** 3808,3817 ****
  		 * a '<' in the first column. */
  		if (n_skip > 0 && mb_l > 1)
  		{
- 		    extra[0] = '<';
- 		    p_extra = extra;
  		    n_extra = 1;
! 		    c_extra = NUL;
  		    c = ' ';
  		    if (area_attr == 0 && search_attr == 0)
  		    {
--- 3809,3816 ----
  		 * a '<' in the first column. */
  		if (n_skip > 0 && mb_l > 1)
  		{
  		    n_extra = 1;
! 		    c_extra = '<';
  		    c = ' ';
  		    if (area_attr == 0 && search_attr == 0)
  		    {
***************
*** 6204,6211 ****
  	return;
  
      off = LineOffset[row] + col;
!     while (*ptr != NUL && col < screen_Columns
! 				      && (len < 0 || (int)(ptr - text) < len))
      {
  	c = *ptr;
  #ifdef FEAT_MBYTE
--- 6203,6211 ----
  	return;
  
      off = LineOffset[row] + col;
!     while (col < screen_Columns
! 	    && (len < 0 || (int)(ptr - text) < len)
! 	    && *ptr != NUL)
      {
  	c = *ptr;
  #ifdef FEAT_MBYTE
*** ../vim-7.1.053/src/version.c	Sun Aug  5 19:20:04 2007
--- src/version.c	Sun Aug  5 20:07:47 2007
***************
*** 668,669 ****
--- 668,671 ----
  {   /* Add new patch number below this line */
+ /**/
+     54,
  /**/

-- 
From "know your smileys":
 +<(:-) The Pope

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///