Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_vim / bc404bfb32cf2bef34050d2aeae0ea72ccf980cc^! / . / src
commitbc404bfb32cf2bef34050d2aeae0ea72ccf980cc[log] [tgz]
authorYegappan Lakshmanan <yegappan@yahoo.com>Sun Dec 19 19:19:31 2021 +0000
committerBram Moolenaar <Bram@vim.org>Sun Dec 19 19:19:31 2021 +0000
tree31d8afcbb43b5cde41311e847caddcc199d42178
parent86b3ab4fa0de3e8884ab6a6ced2a70592b937d0f [diff]
patch 8.2.3855: illegal memory access when displaying a blob

Problem:    Illegal memory access when displaying a blob.
Solution:   Append a NUL at the end. (Yegappan Lakshmanan, closes #9372)

diff --git a/src/blob.c b/src/blob.c
index 0458571..5658370 100644
--- a/src/blob.c
+++ b/src/blob.c

@@ -240,6 +240,7 @@
 	vim_snprintf((char *)numbuf, NUMBUFLEN, "%02X", (int)blob_get(blob, i));
 	ga_concat(&ga, numbuf);
     }
+    ga_append(&ga, NUL);		// append a NUL at the end
     *tofree = ga.ga_data;
     return *tofree;
 }

diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
index 9dc246d..4d7d553 100644
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c

@@ -2917,20 +2917,20 @@
 	ga_concat(indent, (char_u *)"| ");
     else
 	ga_concat(indent, (char_u *)"  ");
-    ga_append(indent, '\0');
+    ga_append(indent, NUL);
 
     nfa_print_state2(debugf, state->out, indent);
 
     // replace last part of indent for state->out1
     indent->ga_len -= 3;
     ga_concat(indent, (char_u *)"  ");
-    ga_append(indent, '\0');
+    ga_append(indent, NUL);
 
     nfa_print_state2(debugf, state->out1, indent);
 
     // shrink indent
     indent->ga_len -= 3;
-    ga_append(indent, '\0');
+    ga_append(indent, NUL);
 }
 
 /*

diff --git a/src/testdir/test_blob.vim b/src/testdir/test_blob.vim
index bd816af..3ce9575 100644
--- a/src/testdir/test_blob.vim
+++ b/src/testdir/test_blob.vim

@@ -680,5 +680,12 @@
   call assert_equal(0z00010203, list2blob(range(4)))
 endfunc
 
+" The following used to cause an out-of-bounds memory access
+func Test_blob2string()
+  let v = '0z' .. repeat('01010101.', 444)
+  let v ..= '01'
+  exe 'let b = ' .. v
+  call assert_equal(v, string(b))
+endfunc
 
 " vim: shiftwidth=2 sts=2 expandtab

diff --git a/src/testdir/test_messages.vim b/src/testdir/test_messages.vim
index 5724eb6..62b5b29 100644
--- a/src/testdir/test_messages.vim
+++ b/src/testdir/test_messages.vim

@@ -341,7 +341,7 @@
 func Test_echo_string_partial()
   function CountSpaces()
   endfunction
-  echomsg function('CountSpaces', [#{aaaaaaaaaaa: v:false, bbbbbbbbbbbb: '', ccccccccccc: ['ab', 'cd']}])
+  call assert_equal("function('CountSpaces', [{'ccccccccccc': ['ab', 'cd'], 'aaaaaaaaaaa': v:false, 'bbbbbbbbbbbb': ''}])", string(function('CountSpaces', [#{aaaaaaaaaaa: v:false, bbbbbbbbbbbb: '', ccccccccccc: ['ab', 'cd']}])))
 endfunc
 
 " vim: shiftwidth=2 sts=2 expandtab

diff --git a/src/version.c b/src/version.c
index 52cc584..873b972 100644
--- a/src/version.c
+++ b/src/version.c

@@ -750,6 +750,8 @@
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    3855,
+/**/
     3854,
 /**/
     3853,