diff --git a/7.3.664 b/7.3.664
new file mode 100644
index 0000000..b83c382
--- /dev/null
+++ b/7.3.664
@@ -0,0 +1,78 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.3.664
+Fcc: outbox
+From: Bram Moolenaar
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.3.664
+Problem: Buffer overflow in unescaping text. (Raymond Ko)
+Solution: Limit check for multi-byte character to 4 bytes.
+Files: src/mbyte.c
+
+
+*** ../vim-7.3.663/src/mbyte.c 2012-06-01 17:46:52.000000000 +0200
+--- src/mbyte.c 2012-09-18 17:53:05.000000000 +0200
+***************
+*** 3793,3805 ****
+ mb_unescape(pp)
+ char_u **pp;
+ {
+! static char_u buf[MB_MAXBYTES + 1];
+! int n, m = 0;
+ char_u *str = *pp;
+
+ /* Must translate K_SPECIAL KS_SPECIAL KE_FILLER to K_SPECIAL and CSI
+! * KS_EXTRA KE_CSI to CSI. */
+! for (n = 0; str[n] != NUL && m <= MB_MAXBYTES; ++n)
+ {
+ if (str[n] == K_SPECIAL
+ && str[n + 1] == KS_SPECIAL
+--- 3793,3807 ----
+ mb_unescape(pp)
+ char_u **pp;
+ {
+! static char_u buf[6];
+! int n;
+! int m = 0;
+ char_u *str = *pp;
+
+ /* Must translate K_SPECIAL KS_SPECIAL KE_FILLER to K_SPECIAL and CSI
+! * KS_EXTRA KE_CSI to CSI.
+! * Maximum length of a utf-8 character is 4 bytes. */
+! for (n = 0; str[n] != NUL && m < 4; ++n)
+ {
+ if (str[n] == K_SPECIAL
+ && str[n + 1] == KS_SPECIAL
+***************
+*** 3836,3841 ****
+--- 3838,3847 ----
+ *pp = str + n + 1;
+ return buf;
+ }
++
++ /* Bail out quickly for ASCII. */
++ if (buf[0] < 128)
++ break;
+ }
+ return NULL;
+ }
+*** ../vim-7.3.663/src/version.c 2012-09-18 16:47:00.000000000 +0200
+--- src/version.c 2012-09-18 18:01:14.000000000 +0200
+***************
+*** 721,722 ****
+--- 721,724 ----
+ { /* Add new patch number below this line */
++ /**/
++ 664,
+ /**/
+
+--
+There are three kinds of people: Those who can count & those who can't.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
+/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ an exciting new programming language -- http://www.Zimbu.org ///
+ \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
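Review bot: The fixed bound in mb_unescape() is written as two independent literals, `static char_u buf[6];` and `m < 4` in the `for` condition, and only the new comment connects them, so a later edit to either one can silently bring back the overflow this patch closes. I would state the sizing where the buffer is declared, e.g. `static char_u buf[6]; /* 4-byte UTF-8 char + NUL; the loop below must stop at m == 4 */`, or give the 4 a name and size the array from it. The stores into `buf` sit between the two mbyte.c hunks and are not shown here, so whether each iteration writes at most one byte plus a terminator should be confirmed against the full function before relying on that arithmetic.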