From: Bram Moolenaar <Bram@vim.org>
Date: Sat, 4 Sep 2021 21:20:41 +0200
Subject: patch 8.2.3403: memory leak for :retab with invalid argument
Problem: Memory leak for :retab with invalid argument.
Solution: Free the memory. Make error messages consistent.
(cherry picked from commit 2ddb89f8a94425cda1e5491efc80c1ccccb6e08e)
---
src/ex_cmds.c | 10 ++++++++--
src/option.c | 3 +++
src/version.c | 1 +
3 files changed, 12 insertions(+), 2 deletions(-)
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -714,12 +714,18 @@ ex_retab(exarg_T *eap)
else
new_ts_str = vim_strnsave(new_ts_str, eap->arg - new_ts_str);
#else
- new_ts = getdigits(&(eap->arg));
- if (new_ts < 0)
+ ptr = eap->arg;
+ new_ts = getdigits(&ptr);
+ if (new_ts < 0 && *eap->arg == '-')
{
emsg(_(e_positive));
return;
}
+ if (new_ts < 0 || new_ts > 9999)
+ {
+ semsg(_(e_invarg2), eap->arg);
+ return;
+ }
if (new_ts == 0)
new_ts = curbuf->b_p_ts;
#endif
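Review bot: The upper bound `9999` is a bare literal in the new check `if (new_ts < 0 || new_ts > 9999)`, and the same literal appears again in the `tabstop_set` hunk in src/option.c, so the two validation paths can drift apart if only one is edited later. A single shared named constant for the maximum tabstop, with a comment saying why the cap exists, would keep the `:retab` argument check and the option parser in agreement. Separately, `getdigits(&ptr)` now advances the local `ptr` rather than `eap->arg`, while the `#ifdef` branch above still appears to advance `eap->arg`. The rest of `ex_retab` lies outside the hunk, so it is worth confirming that nothing after `#endif` expects `eap->arg` to point past the number.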
--- a/src/option.c
+++ b/src/option.c
@@ -12859,9 +12859,12 @@ tabstop_set(char_u *var, int **array)
{
int n = atoi((char *)cp);
+ // Catch negative values, overflow and ridiculous big values.
if (n < 0 || n > 9999)
{
semsg(_(e_invarg2), cp);
+ vim_free(*array);
+ *array = NULL;
return FAIL;
}
(*array)[t++] = n;
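Review bot: The added comment says the range check catches overflow, but `atoi((char *)cp)` has undefined behaviour when the digits do not fit in an `int`, so `n < 0 || n > 9999` cannot be relied on to see an out-of-range value. Parsing with a function whose overflow result is defined, for example `long n = strtol((char *)cp, NULL, 10);`, makes the existing check sufficient, because `strtol` saturates at `LONG_MAX` instead of wrapping. The new `vim_free(*array); *array = NULL;` pair looks right for the leak, assuming `*array` was allocated earlier in `tabstop_set`, which starts outside the hunk.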
--- a/src/version.c
+++ b/src/version.c
@@ -2581,6 +2581,7 @@ static int included_patches[] =
static char *(extra_patches[]) =
{ /* Add your patch description below this line */
"8.2.3402",
+ "8.2.3403",
/**/
NULL
};