aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorzeertzjq <zeertzjq@outlook.com>2023-04-15 18:22:44 +0800
committerzeertzjq <zeertzjq@outlook.com>2023-04-15 19:01:24 +0800
commitc6ebcd523dc91c8b1d52a8c9a61aca3d3a59250b (patch)
tree44d51cee54728f4b7c979b712a1ca6d0b3625d70
parent29efd54e0284727a7dde5608e5eedaef9c00c65f (diff)
downloadrneovim-c6ebcd523dc91c8b1d52a8c9a61aca3d3a59250b.tar.gz
rneovim-c6ebcd523dc91c8b1d52a8c9a61aca3d3a59250b.tar.bz2
rneovim-c6ebcd523dc91c8b1d52a8c9a61aca3d3a59250b.zip
vim-patch:9.0.0104: going beyond allocated memory when evaluating string constant
Problem: Going beyond allocated memory when evaluating string constant. Solution: Properly skip over <Key> form. https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d Co-authored-by: Bram Moolenaar <Bram@vim.org>
Diffstat
-rw-r--r--src/nvim/eval.c17
-rw-r--r--test/old/testdir/test_eval_stuff.vim5
2 files changed, 21 insertions, 1 deletions
diff --git a/src/nvim/eval.c b/src/nvim/eval.c
index 289489a182..a30f9146c5 100644
--- a/src/nvim/eval.c
+++ b/src/nvim/eval.c
@@ -3877,6 +3877,7 @@ static int eval_number(char **arg, typval_T *rettv, bool evaluate, bool want_str
static int eval_string(char **arg, typval_T *rettv, bool evaluate, bool interpolate)
{
char *p;
+ const char *const arg_end = *arg + strlen(*arg);
unsigned int extra = interpolate ? 1 : 0;
const int off = interpolate ? 0 : 1;
@@ -3888,7 +3889,20 @@ static int eval_string(char **arg, typval_T *rettv, bool evaluate, bool interpol
// to 9 characters (6 for the char and 3 for a modifier):
// reserve space for 5 extra.
if (*p == '<') {
+ int modifiers = 0;
+ int flags = FSK_KEYCODE | FSK_IN_STRING;
+
extra += 5;
+
+ // Skip to the '>' to avoid using '{' inside for string
+ // interpolation.
+ if (p[1] != '*') {
+ flags |= FSK_SIMPLIFY;
+ }
+ if (find_special_key((const char **)&p, (size_t)(arg_end - p),
+ &modifiers, flags, NULL) != 0) {
+ p--; // leave "p" on the ">"
+ }
}
} else if (interpolate && (*p == '{' || *p == '}')) {
if (*p == '{' && p[1] != '{') { // start of expression
@@ -3994,7 +4008,8 @@ static int eval_string(char **arg, typval_T *rettv, bool evaluate, bool interpol
if (p[1] != '*') {
flags |= FSK_SIMPLIFY;
}
- extra = trans_special((const char **)&p, strlen(p), end, flags, false, NULL);
+ extra = trans_special((const char **)&p, (size_t)(arg_end - p),
+ end, flags, false, NULL);
if (extra != 0) {
end += extra;
if (end >= rettv->vval.v_string + len) {
diff --git a/test/old/testdir/test_eval_stuff.vim b/test/old/testdir/test_eval_stuff.vim
index 90e3942c4d..7acc91c17b 100644
--- a/test/old/testdir/test_eval_stuff.vim
+++ b/test/old/testdir/test_eval_stuff.vim
@@ -407,4 +407,9 @@ func Test_modified_char_no_escape_special()
nunmap <M-…>
endfunc
+func Test_eval_string_in_special_key()
+ " this was using the '{' inside <> as the start of an interpolated string
+ silent! echo 0{1-$"\<S--{>n|nö%
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
generated by cgit (git 2.34.1) at 2025-04-29 06:39:04 +0000