To: vim_dev@googlegroups.com Subject: Patch 8.0.0883 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.0.0883 Problem: Invalid memory access with nonsensical script. Solution: Check "dstlen" being positive. (Dominique Pelle) Files: src/misc1.c *** ../vim-8.0.0882/src/misc1.c 2017-08-05 23:00:49.690238118 +0200 --- src/misc1.c 2017-08-06 18:13:00.186803378 +0200 *************** *** 4180,4192 **** } else if ((src[0] == ' ' || src[0] == ',') && !one) at_start = TRUE; ! *dst++ = *src++; ! --dstlen; ! if (startstr != NULL && src - startstr_len >= srcp ! && STRNCMP(src - startstr_len, startstr, startstr_len) == 0) ! at_start = TRUE; } } *dst = NUL; } --- 4180,4197 ---- } else if ((src[0] == ' ' || src[0] == ',') && !one) at_start = TRUE; ! if (dstlen > 0) ! { ! *dst++ = *src++; ! --dstlen; ! if (startstr != NULL && src - startstr_len >= srcp ! && STRNCMP(src - startstr_len, startstr, ! startstr_len) == 0) ! at_start = TRUE; ! } } + } *dst = NUL; } *** ../vim-8.0.0882/src/version.c 2017-08-06 17:53:06.579447838 +0200 --- src/version.c 2017-08-06 18:14:45.598039787 +0200 *************** *** 771,772 **** --- 771,774 ---- { /* Add new patch number below this line */ + /**/ + 883, /**/ -- ARTHUR: Charge! [They all charge with swords drawn towards the RABBIT. A tremendous twenty second fight with Peckinpahish shots and borrowing heavily also on the Kung Fu and karate-type films ensues, in which some four KNIGHTS are comprehensively killed.] ARTHUR: Run away! Run away! "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///