diff options
| author | Jurica Bradaric <jbradaric@gmail.com> | 2016-05-10 21:20:42 +0200 |
|---|---|---|
| committer | Jurica Bradaric <jbradaric@gmail.com> | 2016-05-10 21:21:54 +0200 |
| commit | 6bdf82bf6f9125d88a2135b442e1857704485500 (patch) | |
| tree | 463274b18f11ef748471e1e465cc2cfb4bdd4b35 /src/nvim/syntax.c | |
| parent | 0bfc1f33a02e2ea405a2df7eee67f093b56fa997 (diff) | |
| download | rneovim-6bdf82bf6f9125d88a2135b442e1857704485500.tar.gz rneovim-6bdf82bf6f9125d88a2135b442e1857704485500.tar.bz2 rneovim-6bdf82bf6f9125d88a2135b442e1857704485500.zip | |
vim-patch:7.4.1052
Problem: Illegal memory access with weird syntax command. (Dominique Pelle)
Solution: Check for column past end of line.
https://github.com/vim/vim/commit/04bff88df6211f64731bf8f5afa088e94496db16
Diffstat (limited to 'src/nvim/syntax.c')
| -rw-r--r-- | src/nvim/syntax.c | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/src/nvim/syntax.c b/src/nvim/syntax.c index 41af7af55c..e7eee6eb9b 100644 --- a/src/nvim/syntax.c +++ b/src/nvim/syntax.c @@ -2615,33 +2615,37 @@ find_endpos ( IF_SYN_TIME(&spp_skip->sp_time)); spp_skip->sp_prog = regmatch.regprog; if (r && regmatch.startpos[0].col <= best_regmatch.startpos[0].col) { - /* Add offset to skip pattern match */ + // Add offset to skip pattern match syn_add_end_off(&pos, ®match, spp_skip, SPO_ME_OFF, 1); - /* If the skip pattern goes on to the next line, there is no - * match with an end pattern in this line. */ - if (pos.lnum > startpos->lnum) + // If the skip pattern goes on to the next line, there is no + // match with an end pattern in this line. + if (pos.lnum > startpos->lnum) { break; + } - line = ml_get_buf(syn_buf, startpos->lnum, FALSE); + line = ml_get_buf(syn_buf, startpos->lnum, false); + int line_len = (int)STRLEN(line); - /* take care of an empty match or negative offset */ - if (pos.col <= matchcol) - ++matchcol; - else if (pos.col <= regmatch.endpos[0].col) + // take care of an empty match or negative offset + if (pos.col <= matchcol) { + matchcol++; + } else if (pos.col <= regmatch.endpos[0].col) { matchcol = pos.col; - else - /* Be careful not to jump over the NUL at the end-of-line */ + } else { + // Be careful not to jump over the NUL at the end-of-line for (matchcol = regmatch.endpos[0].col; - line[matchcol] != NUL && matchcol < pos.col; - ++matchcol) - ; + matchcol < line_len && matchcol < pos.col; + matchcol++) { + } + } - /* if the skip pattern includes end-of-line, break here */ - if (line[matchcol] == NUL) + // if the skip pattern includes end-of-line, break here + if (matchcol >= line_len) { break; + } - continue; /* start with first end pattern again */ + continue; // start with first end pattern again } } |