From 4d5cfa3e44d6166851d29051bce7447f29eaaa4f Mon Sep 17 00:00:00 2001
From: Karsten Hopp <karsten@redhat.com>
Date: May 21 2013 11:33:46 +0000
Subject: - patchlevel 975


---

diff --git a/7.3.975 b/7.3.975
new file mode 100644
index 0000000..d4b97ac
--- /dev/null
+++ b/7.3.975
@@ -0,0 +1,70 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.3.975
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.3.975
+Problem:    Crash in regexp parsing.
+Solution:   Correctly compute the end of allocated memory.
+Files:	    src/regexp_nfa.c
+
+
+*** ../vim-7.3.974/src/regexp_nfa.c	2013-05-19 22:31:13.000000000 +0200
+--- src/regexp_nfa.c	2013-05-20 13:43:37.000000000 +0200
+***************
+*** 231,244 ****
+      /* A reasonable estimation for size */
+      nstate_max = (STRLEN(expr) + 1) * NFA_POSTFIX_MULTIPLIER;
+  
+!     /* Size for postfix representation of expr */
+      postfix_size = sizeof(*post_start) * nstate_max;
+      post_start = (int *)lalloc(postfix_size, TRUE);
+      if (post_start == NULL)
+  	return FAIL;
+      vim_memset(post_start, 0, postfix_size);
+      post_ptr = post_start;
+!     post_end = post_start + postfix_size;
+      nfa_has_zend = FALSE;
+  
+      regcomp_start(expr, re_flags);
+--- 231,249 ----
+      /* A reasonable estimation for size */
+      nstate_max = (STRLEN(expr) + 1) * NFA_POSTFIX_MULTIPLIER;
+  
+!     /* Some items blow up in size, such as [A-z].  Add more space for that.
+!      * TODO: some patterns may still fail. */
+! //    nstate_max += 1000;
+! 
+!     /* Size for postfix representation of expr. */
+      postfix_size = sizeof(*post_start) * nstate_max;
++ 
+      post_start = (int *)lalloc(postfix_size, TRUE);
+      if (post_start == NULL)
+  	return FAIL;
+      vim_memset(post_start, 0, postfix_size);
+      post_ptr = post_start;
+!     post_end = post_start + nstate_max;
+      nfa_has_zend = FALSE;
+  
+      regcomp_start(expr, re_flags);
+*** ../vim-7.3.974/src/version.c	2013-05-20 12:52:23.000000000 +0200
+--- src/version.c	2013-05-20 13:42:10.000000000 +0200
+***************
+*** 730,731 ****
+--- 730,733 ----
+  {   /* Add new patch number below this line */
++ /**/
++     975,
+  /**/
+
+-- 
+My Go, this amn keyboar oesn't have a .
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///