To: vim_dev@googlegroups.com
Subject: Patch 7.3.148
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 7.3.148
Problem:    A syntax file with a huge number of items or clusters causes weird
	    behavior, a hang or a crash. (Yukihiro Nakadaira)
Solution:   Check running out of IDs. (partly by Ben Schmidt)
Files:	    src/syntax.c


*** ../vim-7.3.147/src/syntax.c	2011-01-22 00:58:15.000000000 +0100
--- src/syntax.c	2011-04-01 14:25:39.000000000 +0200
***************
*** 219,234 ****
  
  /*
   * Syntax group IDs have different types:
!  *     0 -  9999  normal syntax groups
!  * 10000 - 14999  ALLBUT indicator (current_syn_inc_tag added)
!  * 15000 - 19999  TOP indicator (current_syn_inc_tag added)
!  * 20000 - 24999  CONTAINED indicator (current_syn_inc_tag added)
!  * >= 25000	  cluster IDs (subtract SYNID_CLUSTER for the cluster ID)
!  */
! #define SYNID_ALLBUT	10000	    /* syntax group ID for contains=ALLBUT */
! #define SYNID_TOP	15000	    /* syntax group ID for contains=TOP */
! #define SYNID_CONTAINED	20000	    /* syntax group ID for contains=CONTAINED */
! #define SYNID_CLUSTER	25000	    /* first syntax group ID for clusters */
  
  /*
   * Annoying Hack(TM):  ":syn include" needs this pointer to pass to
--- 219,238 ----
  
  /*
   * Syntax group IDs have different types:
!  *     0 - 19999  normal syntax groups
!  * 20000 - 20999  ALLBUT indicator (current_syn_inc_tag added)
!  * 21000 - 21999  TOP indicator (current_syn_inc_tag added)
!  * 22000 - 22999  CONTAINED indicator (current_syn_inc_tag added)
!  * 23000 - 32767  cluster IDs (subtract SYNID_CLUSTER for the cluster ID)
!  */
! #define SYNID_ALLBUT	20000	    /* syntax group ID for contains=ALLBUT */
! #define SYNID_TOP	21000	    /* syntax group ID for contains=TOP */
! #define SYNID_CONTAINED	22000	    /* syntax group ID for contains=CONTAINED */
! #define SYNID_CLUSTER	23000	    /* first syntax group ID for clusters */
! 
! #define MAX_SYNID       SYNID_ALLBUT
! #define MAX_SYN_INC_TAG	999	    /* maximum before the above overflow */
! #define MAX_CLUSTER_ID  (32767 - SYNID_CLUSTER)
  
  /*
   * Annoying Hack(TM):  ":syn include" needs this pointer to pass to
***************
*** 3442,3447 ****
--- 3446,3454 ----
      /* free the stored states */
      syn_stack_free_all(block);
      invalidate_current_state();
+ 
+     /* Reset the counter for ":syn include" */
+     running_syn_inc_tag = 0;
  }
  
  /*
***************
*** 4661,4666 ****
--- 4668,4675 ----
  	    return;
  	}
  	sgl_id = syn_check_cluster(arg, (int)(group_name_end - arg));
+ 	if (sgl_id == 0)
+ 	    return;
  	/* separate_nextcmd() and expand_filename() depend on this */
  	eap->arg = rest;
      }
***************
*** 4689,4694 ****
--- 4698,4708 ----
       * Save and restore the existing top-level grouplist id and ":syn
       * include" tag around the actual inclusion.
       */
+     if (running_syn_inc_tag >= MAX_SYN_INC_TAG)
+     {
+ 	EMSG((char_u *)_("E847: Too many syntax includes"));
+ 	return;
+     }
      prev_syn_inc_tag = current_syn_inc_tag;
      current_syn_inc_tag = ++running_syn_inc_tag;
      prev_toplvl_grp = curwin->w_s->b_syn_topgrp;
***************
*** 4712,4718 ****
      char_u	*group_name_end;
      int		syn_id;
      char_u	*rest;
!     char_u	*keyword_copy;
      char_u	*p;
      char_u	*kw;
      syn_opt_arg_T syn_opt_arg;
--- 4726,4732 ----
      char_u	*group_name_end;
      int		syn_id;
      char_u	*rest;
!     char_u	*keyword_copy = NULL;
      char_u	*p;
      char_u	*kw;
      syn_opt_arg_T syn_opt_arg;
***************
*** 4724,4732 ****
      if (rest != NULL)
      {
  	syn_id = syn_check_group(arg, (int)(group_name_end - arg));
! 
! 	/* allocate a buffer, for removing the backslashes in the keyword */
! 	keyword_copy = alloc((unsigned)STRLEN(rest) + 1);
  	if (keyword_copy != NULL)
  	{
  	    syn_opt_arg.flags = 0;
--- 4738,4746 ----
      if (rest != NULL)
      {
  	syn_id = syn_check_group(arg, (int)(group_name_end - arg));
! 	if (syn_id != 0)
! 	    /* allocate a buffer, for removing backslashes in the keyword */
! 	    keyword_copy = alloc((unsigned)STRLEN(rest) + 1);
  	if (keyword_copy != NULL)
  	{
  	    syn_opt_arg.flags = 0;
***************
*** 5133,5139 ****
  			    (item == ITEM_SKIP) ? SPTYPE_SKIP : SPTYPE_END;
  		    SYN_ITEMS(curwin->w_s)[idx].sp_flags |= syn_opt_arg.flags;
  		    SYN_ITEMS(curwin->w_s)[idx].sp_syn.id = syn_id;
! 		    SYN_ITEMS(curwin->w_s)[idx].sp_syn.inc_tag = current_syn_inc_tag;
  		    SYN_ITEMS(curwin->w_s)[idx].sp_syn_match_id =
  							ppp->pp_matchgroup_id;
  #ifdef FEAT_CONCEAL
--- 5147,5154 ----
  			    (item == ITEM_SKIP) ? SPTYPE_SKIP : SPTYPE_END;
  		    SYN_ITEMS(curwin->w_s)[idx].sp_flags |= syn_opt_arg.flags;
  		    SYN_ITEMS(curwin->w_s)[idx].sp_syn.id = syn_id;
! 		    SYN_ITEMS(curwin->w_s)[idx].sp_syn.inc_tag =
! 							  current_syn_inc_tag;
  		    SYN_ITEMS(curwin->w_s)[idx].sp_syn_match_id =
  							ppp->pp_matchgroup_id;
  #ifdef FEAT_CONCEAL
***************
*** 5426,5431 ****
--- 5441,5454 ----
  	curwin->w_s->b_syn_clusters.ga_growsize = 10;
      }
  
+     len = curwin->w_s->b_syn_clusters.ga_len;
+     if (len >= MAX_CLUSTER_ID)
+     {
+ 	EMSG((char_u *)_("E848: Too many syntax clusters"));
+ 	vim_free(name);
+ 	return 0;
+     }
+ 
      /*
       * Make room for at least one other cluster entry.
       */
***************
*** 5434,5440 ****
  	vim_free(name);
  	return 0;
      }
-     len = curwin->w_s->b_syn_clusters.ga_len;
  
      vim_memset(&(SYN_CLSTR(curwin->w_s)[len]), 0, sizeof(syn_cluster_T));
      SYN_CLSTR(curwin->w_s)[len].scl_name = name;
--- 5457,5462 ----
***************
*** 5476,5483 ****
  
      if (rest != NULL)
      {
! 	scl_id = syn_check_cluster(arg, (int)(group_name_end - arg))
! 							      - SYNID_CLUSTER;
  
  	for (;;)
  	{
--- 5498,5507 ----
  
      if (rest != NULL)
      {
! 	scl_id = syn_check_cluster(arg, (int)(group_name_end - arg));
! 	if (scl_id == 0)
! 	    return;
! 	scl_id -= SYNID_CLUSTER;
  
  	for (;;)
  	{
***************
*** 5516,5522 ****
  	if (got_clstr)
  	{
  	    redraw_curbuf_later(SOME_VALID);
! 	    syn_stack_free_all(curwin->w_s);	/* Need to recompute all syntax. */
  	}
      }
  
--- 5540,5546 ----
  	if (got_clstr)
  	{
  	    redraw_curbuf_later(SOME_VALID);
! 	    syn_stack_free_all(curwin->w_s);	/* Need to recompute all. */
  	}
      }
  
***************
*** 8972,8977 ****
--- 8996,9008 ----
  	highlight_ga.ga_growsize = 10;
      }
  
+     if (highlight_ga.ga_len >= MAX_SYNID)
+     {
+ 	EMSG(_("E849: Too many syntax groups"));
+ 	vim_free(name);
+ 	return 0;
+     }
+ 
      /*
       * Make room for at least one other syntax_highlight entry.
       */
*** ../vim-7.3.147/src/version.c	2011-04-01 13:05:37.000000000 +0200
--- src/version.c	2011-04-01 14:26:44.000000000 +0200
***************
*** 716,717 ****
--- 716,719 ----
  {   /* Add new patch number below this line */
+ /**/
+     148,
  /**/

-- 
BLACK KNIGHT: None shall pass.
ARTHUR:       I have no quarrel with you, brave Sir knight, but I must cross
              this bridge.
BLACK KNIGHT: Then you shall die.
                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///