Blob Blame History Raw
To: vim_dev@googlegroups.com
Subject: Patch 7.3.112
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 7.3.112
Problem:    Setting 'statusline' to "%!'asdf%' reads uninitialized memory.
Solution:   Check for NUL after %.
Files:	    src/buffer.c


*** ../vim-7.3.111/src/buffer.c	2010-10-27 16:17:56.000000000 +0200
--- src/buffer.c	2011-02-01 21:40:17.000000000 +0100
***************
*** 3364,3370 ****
   * or truncated if too long, fillchar is used for all whitespace.
   */
      int
! build_stl_str_hl(wp, out, outlen, fmt, use_sandbox, fillchar, maxwidth, hltab, tabtab)
      win_T	*wp;
      char_u	*out;		/* buffer to write into != NameBuff */
      size_t	outlen;		/* length of out[] */
--- 3364,3371 ----
   * or truncated if too long, fillchar is used for all whitespace.
   */
      int
! build_stl_str_hl(wp, out, outlen, fmt, use_sandbox, fillchar,
! 						      maxwidth, hltab, tabtab)
      win_T	*wp;
      char_u	*out;		/* buffer to write into != NameBuff */
      size_t	outlen;		/* length of out[] */
***************
*** 3474,3479 ****
--- 3475,3482 ----
  	 * Handle one '%' item.
  	 */
  	s++;
+ 	if (*s == NUL)  /* ignore trailing % */
+ 	    break;
  	if (*s == '%')
  	{
  	    if (p + 1 >= out + outlen)
*** ../vim-7.3.111/src/version.c	2011-02-01 18:01:06.000000000 +0100
--- src/version.c	2011-02-01 21:54:01.000000000 +0100
***************
*** 716,717 ****
--- 716,719 ----
  {   /* Add new patch number below this line */
+ /**/
+     112,
  /**/

-- 
Rule #1: Don't give somebody a tool that he's going to hurt himself with.

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///