path: root/debian/patches/CVE-2022-0392.patch
From 806d037671e133bd28a7864248763f643967973a Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 25 Jan 2022 20:45:16 +0000
Subject: [PATCH] patch 8.2.4218: illegal memory access with bracketed paste in
 Ex mode

Problem:    Illegal memory access with bracketed paste in Ex mode.
Solution:   Reserve space for the trailing NUL.
---
 src/edit.c                 | 3 ++-
 src/testdir/test_paste.vim | 3 +++
 src/version.c              | 2 ++
 3 files changed, 7 insertions(+), 1 deletion(-)

From fe4bbac1166f2e4e3fa18cb966ec7305198c8176 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Mon, 20 Jan 2020 21:12:20 +0100
Subject: [PATCH] patch 8.2.0135: bracketed paste can still cause invalid
 memory access

Problem:    Bracketed paste can still cause invalid memory access. (Dominique
            Pelle)
Solution:   Check for NULL pointer.
---
 src/edit.c                  | 2 +-
 src/testdir/test_search.vim | 3 ++-
 src/version.c               | 2 ++
 3 files changed, 5 insertions(+), 2 deletions(-)

Backport: drop included_patches 135 due to version bump

From 98a336dd497d3422e7efeef9f24cc9e25aeb8a49 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Mon, 20 Jan 2020 20:22:30 +0100
Subject: [PATCH] patch 8.2.0133: invalid memory access with search command

Problem:    Invalid memory access with search command.
Solution:   When :normal runs out of characters in bracketed paste mode break
            out of the loop.(closes #5511)
---
 src/edit.c                  | 4 ++--
 src/testdir/test_search.vim | 5 +++++
 src/version.c               | 2 ++
 3 files changed, 9 insertions(+), 2 deletions(-)

Backport: drop included_patches 135 due to version bump

--- a/src/edit.c
+++ b/src/edit.c
@@ -9183,7 +9183,7 @@ bracketed_paste(paste_mode_T mode, int d
     int		save_paste = p_paste;
 
     /* If the end code is too long we can't detect it, read everything. */
-    if (STRLEN(end) >= NUMBUFLEN)
+    if (end != NULL && STRLEN(end) >= NUMBUFLEN)
 	end = NULL;
     ++no_mapping;
     allow_keys = 0;
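Review bot: The comment above the guard in bracketed_paste() still describes only the over-long end code, although the added `end != NULL` test makes a NULL `end` an accepted input that skips STRLEN(). Presumably NULL already means "no end sequence, read everything" further down, so the comment could say so: `/* "end" may be NULL; if it is NULL or too long to detect, read everything. */`. The function body continues outside the hunk, so how NULL is handled later cannot be confirmed from here.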
@@ -9201,9 +9201,9 @@ bracketed_paste(paste_mode_T mode, int d
 	{
 	    c = vgetc();
 	} while (c == K_IGNORE || c == K_VER_SCROLLBAR || c == K_HOR_SCROLLBAR);
-	if (c == NUL || got_int)
+	if (c == NUL || got_int || (ex_normal_busy > 0 && c == Ctrl_C))
 	    // When CTRL-C was encountered the typeahead will be flushed and we
-	    // won't get the end sequence.
+	    // won't get the end sequence.  Except when using ":normal".
 	    break;
 
 	if (has_mbyte)
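Review bot: The comment between the `if` and its unbraced `break` now reads as if ":normal" were an exception to breaking, while the added `ex_normal_busy > 0 && c == Ctrl_C` clause makes that case break as well. Going by the patch description, Ctrl_C here stands for ":normal ran out of characters", so the end sequence will never arrive and continuing would loop; a wording such as `// Under ":normal" a CTRL-C means the characters ran out, so the end sequence never comes either.` states that directly. Bracing the `break` would also stop the two-line comment from sitting between the condition and its only statement. The loop starts and ends outside the hunk.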
@@ -9226,7 +9226,8 @@ bracketed_paste(paste_mode_T mode, int d
 		    break;
 
 		case PASTE_EX:
-		    if (gap != NULL && ga_grow(gap, idx) == OK)
+		    /* add one for the NUL that is going to be appended */
+		    if (gap != NULL && ga_grow(gap, idx + 1) == OK)
 		    {
 			mch_memmove((char *)gap->ga_data + gap->ga_len,
 							     buf, (size_t)idx);
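Review bot: The `idx + 1` in the PASTE_EX branch is only correct while exactly one byte is written past the copied data, and that NUL store is not in this hunk. A mismatch between the reservation and the store is the out-of-bounds write this patch fixes, so the comment could name where the NUL is written, e.g. `/* +1: room for the NUL stored after the pasted bytes in <function that appends it> */`, with the placeholder replaced by the real site. The case body continues outside the hunk, so the ga_len update and the failure path of ga_grow() cannot be checked from here.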
--- a/src/testdir/test_paste.vim
+++ b/src/testdir/test_paste.vim
@@ -84,6 +84,16 @@ func Test_paste_cmdline()
   call assert_equal("\"afoo\<CR>barb", getreg(':'))
 endfunc
 
+" bracketed paste in Ex-mode
+func Test_paste_ex_mode()
+  unlet! foo
+  call feedkeys("Qlet foo=\"\<Esc>[200~foo\<CR>bar\<Esc>[201~\"\<CR>vi\<CR>", 'xt')
+  call assert_equal("foo\rbar", foo)
+
+  " pasting more than 40 bytes
+  exe "norm Q\<PasteStart>0000000000000000000000000000000000000000000000000000000000000000000000\<C-C>"
+endfunc
+ 
 func Test_paste_visual_mode()
   new
   call setline(1, 'here are some words')
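Review bot: The second half of Test_paste_ex_mode() (`pasting more than 40 bytes`) has no assertion, so on an ordinary build it is likely to pass whether or not the `idx + 1` fix in src/edit.c is present. It can only be relied on to fail when the suite runs under a memory checker such as valgrind or AddressSanitizer. A comment should say that, e.g. `" no assert: the overflow is only detected under valgrind/ASan`, so the case is not later removed as dead. The first half also leaves the global `foo` defined; an `unlet foo` after the assert_equal() would keep it from leaking into later tests.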
--- a/src/testdir/test_search.vim
+++ b/src/testdir/test_search.vim
@@ -1187,3 +1187,9 @@ func Test_search_Ctrl_L_combining()
   call assert_equal(bufcontent[1], @/)
   call Incsearch_cleanup()
 endfunc
+
+func Test_search_special()
+  " this was causing illegal memory access and an endless loop
+  set t_PE=
+  exe "norm /\x80PS"
+endfunc
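Review bot: Test_search_special() clears `t_PE` with `set t_PE=` and never restores it, so any test that runs after it in the same Vim instance sees bracketed paste without an end code. Saving and restoring keeps the case self-contained: `let save_t_PE = &t_PE` before the `set`, and `let &t_PE = save_t_PE` after the `exe`. The function also has no assertion and passes as long as Vim neither crashes nor hangs, which is worth stating in its comment.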
--- a/src/version.c
+++ b/src/version.c
@@ -796,6 +796,8 @@ static int included_patches[] =
 /**/
     5024,
 /**/
+    4218,
+/**/
     4214,
 /**/
     4152,