diff --git a/7.2.406 b/7.2.406 new file mode 100644 index 0000000..cff265f --- /dev/null +++ b/7.2.406 @@ -0,0 +1,123 @@ +To: vim-dev@vim.org +Subject: Patch 7.2.406 +Fcc: outbox +From: Bram Moolenaar +Mime-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +------------ + +Patch 7.2.406 +Problem: Patch 7.2.119 introduces uninit mem read. (Dominique Pelle) +Solution: Only used ScreeenLinesC when ScreeenLinesUC is not zero. (Yukihiro + Nakadaira) Also clear ScreeenLinesC when allocating. +Files: src/screen.c + + +*** ../vim-7.2.405/src/screen.c 2010-03-23 13:56:53.000000000 +0100 +--- src/screen.c 2010-03-23 15:26:44.000000000 +0100 +*************** +*** 25,34 **** + * one character which occupies two display cells. + * For UTF-8 a multi-byte character is converted to Unicode and stored in + * ScreenLinesUC[]. ScreenLines[] contains the first byte only. For an ASCII +! * character without composing chars ScreenLinesUC[] will be 0. When the +! * character occupies two display cells the next byte in ScreenLines[] is 0. + * ScreenLinesC[][] contain up to 'maxcombine' composing characters +! * (drawn on top of the first character). They are 0 when not used. + * ScreenLines2[] is only used for euc-jp to store the second byte if the + * first byte is 0x8e (single-width character). + * +--- 25,35 ---- + * one character which occupies two display cells. + * For UTF-8 a multi-byte character is converted to Unicode and stored in + * ScreenLinesUC[]. ScreenLines[] contains the first byte only. For an ASCII +! * character without composing chars ScreenLinesUC[] will be 0 and +! * ScreenLinesC[][] is not used. When the character occupies two display +! * cells the next byte in ScreenLines[] is 0. + * ScreenLinesC[][] contain up to 'maxcombine' composing characters +! * (drawn on top of the first character). There is 0 after the last one used. + * ScreenLines2[] is only used for euc-jp to store the second byte if the + * first byte is 0x8e (single-width character). + * +*************** +*** 4893,4898 **** +--- 4894,4900 ---- + + /* + * Return if the composing characters at "off_from" and "off_to" differ. ++ * Only to be used when ScreenLinesUC[off_from] != 0. + */ + static int + comp_char_differs(off_from, off_to) +*************** +*** 6281,6286 **** +--- 6283,6289 ---- + /* + * Return TRUE if composing characters for screen posn "off" differs from + * composing characters in "u8cc". ++ * Only to be used when ScreenLinesUC[off] != 0. + */ + static int + screen_comp_differs(off, u8cc) +*************** +*** 6461,6468 **** + && c == 0x8e + && ScreenLines2[off] != ptr[1]) + || (enc_utf8 +! && (ScreenLinesUC[off] != (u8char_T)(c >= 0x80 ? u8c : 0) +! || screen_comp_differs(off, u8cc))) + #endif + || ScreenAttrs[off] != attr + || exmode_active; +--- 6464,6473 ---- + && c == 0x8e + && ScreenLines2[off] != ptr[1]) + || (enc_utf8 +! && (ScreenLinesUC[off] != +! (u8char_T)(c < 0x80 && u8cc[0] == 0 ? 0 : u8c) +! || (ScreenLinesUC[off] != 0 +! && screen_comp_differs(off, u8cc)))) + #endif + || ScreenAttrs[off] != attr + || exmode_active; +*************** +*** 7542,7548 **** + new_ScreenLinesUC = (u8char_T *)lalloc((long_u)( + (Rows + 1) * Columns * sizeof(u8char_T)), FALSE); + for (i = 0; i < p_mco; ++i) +! new_ScreenLinesC[i] = (u8char_T *)lalloc((long_u)( + (Rows + 1) * Columns * sizeof(u8char_T)), FALSE); + } + if (enc_dbcs == DBCS_JPNU) +--- 7547,7553 ---- + new_ScreenLinesUC = (u8char_T *)lalloc((long_u)( + (Rows + 1) * Columns * sizeof(u8char_T)), FALSE); + for (i = 0; i < p_mco; ++i) +! new_ScreenLinesC[i] = (u8char_T *)lalloc_clear((long_u)( + (Rows + 1) * Columns * sizeof(u8char_T)), FALSE); + } + if (enc_dbcs == DBCS_JPNU) +*** ../vim-7.2.405/src/version.c 2010-03-23 14:39:07.000000000 +0100 +--- src/version.c 2010-03-23 15:34:11.000000000 +0100 +*************** +*** 683,684 **** +--- 683,686 ---- + { /* Add new patch number below this line */ ++ /**/ ++ 406, + /**/ + +-- +VOICE OVER: As the horrendous Black Beast lunged forward, escape for Arthur + and his knights seemed hopeless, when, suddenly ... the animator + suffered a fatal heart attack. +ANIMATOR: Aaaaagh! +VOICE OVER: The cartoon peril was no more ... The Quest for Holy Grail could + continue. + "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD + + /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ +/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ +\\\ download, build and distribute -- http://www.A-A-P.org /// + \\\ help me help AIDS victims -- http://ICCF-Holland.org ///