vim-patch:7.4.714

Problem: Illegal memory access when there are illegal bytes. Solution: Check the byte length of the character. (Dominique Pelle) https://github.com/vim/vim/commit/069dd08d8dbbbadc4e6780d5c881a24bce79a4f7
author: Michael Ennen <mike.ennen@gmail.com> 2016-01-13 16:01:23 -0700
committer: Michael Ennen <mike.ennen@gmail.com> 2016-01-13 16:52:44 -0700
commit: 39ef2195357996ce0d2b2d2d41275a572f2891b3 (patch)
tree: 24950dfdc4cf6b49051ab4c79471458b6465136b /src/nvim/regexp.c
parent: 573d65c738dd2e5f4ee92a7f20946411206021f7 (diff)
download: rneovim-39ef2195357996ce0d2b2d2d41275a572f2891b3.tar.gz
rneovim-39ef2195357996ce0d2b2d2d41275a572f2891b3.tar.bz2
rneovim-39ef2195357996ce0d2b2d2d41275a572f2891b3.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/src/nvim/regexp.c b/src/nvim/regexp.c
index e2c4b590d0..39001939d8 100644
--- a/src/nvim/regexp.c
+++ b/src/nvim/regexp.c
@@ -5333,10 +5333,12 @@ do_class:
     if ((len = (*mb_ptr2len)(opnd)) > 1) {
       if (ireg_ic && enc_utf8)
         cf = utf_fold(utf_ptr2char(opnd));
-      while (count < maxcount) {
-        for (i = 0; i < len; ++i)
-          if (opnd[i] != scan[i])
+      while (count < maxcount && (*mb_ptr2len)(scan) >= len) {
+        for (i = 0; i < len; ++i) {
+          if (opnd[i] != scan[i]) {
             break;
+          }
+        }
         if (i < len && (!ireg_ic || !enc_utf8
                         || utf_fold(utf_ptr2char(scan)) != cf))
           break;
author	Michael Ennen <mike.ennen@gmail.com>	2016-01-13 16:01:23 -0700
committer	Michael Ennen <mike.ennen@gmail.com>	2016-01-13 16:52:44 -0700
commit	39ef2195357996ce0d2b2d2d41275a572f2891b3 (patch)
tree	24950dfdc4cf6b49051ab4c79471458b6465136b /src/nvim/regexp.c
parent	573d65c738dd2e5f4ee92a7f20946411206021f7 (diff)
download	rneovim-39ef2195357996ce0d2b2d2d41275a572f2891b3.tar.gz rneovim-39ef2195357996ce0d2b2d2d41275a572f2891b3.tar.bz2 rneovim-39ef2195357996ce0d2b2d2d41275a572f2891b3.zip