| To: vim_dev@googlegroups.com |
| Subject: Patch 7.3.664 |
| Fcc: outbox |
| From: Bram Moolenaar <Bram@moolenaar.net> |
| Mime-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| |
| Patch 7.3.664 |
| Problem: Buffer overflow in unescaping text. (Raymond Ko) |
| Solution: Limit check for multi-byte character to 4 bytes. |
| Files: src/mbyte.c |
| |
| |
| |
| |
| |
| *** 3793,3805 **** |
| mb_unescape(pp) |
| char_u **pp; |
| { |
| ! static char_u buf[MB_MAXBYTES + 1]; |
| ! int n, m = 0; |
| char_u *str = *pp; |
| |
| /* Must translate K_SPECIAL KS_SPECIAL KE_FILLER to K_SPECIAL and CSI |
| ! * KS_EXTRA KE_CSI to CSI. */ |
| ! for (n = 0; str[n] != NUL && m <= MB_MAXBYTES; ++n) |
| { |
| if (str[n] == K_SPECIAL |
| && str[n + 1] == KS_SPECIAL |
| --- 3793,3807 ---- |
| mb_unescape(pp) |
| char_u **pp; |
| { |
| ! static char_u buf[6]; |
| ! int n; |
| ! int m = 0; |
| char_u *str = *pp; |
| |
| /* Must translate K_SPECIAL KS_SPECIAL KE_FILLER to K_SPECIAL and CSI |
| ! * KS_EXTRA KE_CSI to CSI. |
| ! * Maximum length of a utf-8 character is 4 bytes. */ |
| ! for (n = 0; str[n] != NUL && m < 4; ++n) |
| { |
| if (str[n] == K_SPECIAL |
| && str[n + 1] == KS_SPECIAL |
| |
| *** 3836,3841 **** |
| --- 3838,3847 ---- |
| *pp = str + n + 1; |
| return buf; |
| } |
| + |
| + /* Bail out quickly for ASCII. */ |
| + if (buf[0] < 128) |
| + break; |
| } |
| return NULL; |
| } |
| |
| |
| |
| *** 721,722 **** |
| --- 721,724 ---- |
| { /* Add new patch number below this line */ |
| + /**/ |
| + 664, |
| /**/ |
| |
| -- |
| There are three kinds of people: Those who can count & those who can't. |
| |
| /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ |
| /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ |
| \\\ an exciting new programming language -- http://www.Zimbu.org /// |
| \\\ help me help AIDS victims -- http://ICCF-Holland.org /// |