Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_vim / b878bbbca67c384101c2ebb822e390f0feda9489^! / . / src / regexp.c
commitb878bbbca67c384101c2ebb822e390f0feda9489[log] [tgz]
authorBram Moolenaar <Bram@vim.org>Tue Jun 09 20:39:24 2015 +0200
committerBram Moolenaar <Bram@vim.org>Tue Jun 09 20:39:24 2015 +0200
treebcf905e05baaacbe320c15b5eeacbcac92389736
parente2e4b98622f7c44910dc9660035048a4177d3777 [diff] [blame]
patch 7.4.736
Problem:    Invalid memory access.
Solution:   Avoid going over the end of a NUL terminated string. (Dominique
            Pelle)

diff --git a/src/regexp.c b/src/regexp.c
index 85e0458..4ce37c4 100644
--- a/src/regexp.c
+++ b/src/regexp.c

@@ -1157,7 +1157,7 @@
     int		l = 1;
     char_u	*p = *pp;
 
-    if (p[1] == '.')
+    if (p[0] != NUL && p[1] == '.')
     {
 #ifdef FEAT_MBYTE
 	if (has_mbyte)
@@ -1228,8 +1228,9 @@
 	{
 	    if (get_char_class(&p) == CLASS_NONE
 		    && get_equi_class(&p) == 0
-		    && get_coll_element(&p) == 0)
-		++p; /* It was not a class name */
+		    && get_coll_element(&p) == 0
+		    && *p != NUL)
+		++p; /* it is not a class name and not NUL */
 	}
 	else
 	    ++p;
@@ -3156,7 +3157,7 @@
 		    /*
 		     * META contains everything that may be magic sometimes,
 		     * except ^ and $ ("\^" and "\$" are only magic after
-		     * "\v").  We now fetch the next character and toggle its
+		     * "\V").  We now fetch the next character and toggle its
 		     * magicness.  Therefore, \ is so meta-magic that it is
 		     * not in META.
 		     */