Commit: patch 9.0.1995: Invalid memory access with empty 'foldexpr'
2 views
Skip to first unread message
Christian Brabandt
Oct 6, 2023, 1:30:13 PM10/6/23
to vim...@googlegroups.com
patch 9.0.1995: Invalid memory access with empty 'foldexpr'
Commit: https://github.com/vim/vim/commit/a991ce9c083bb8c02b1b1ec34ed35728197050f3
Author: zeertzjq <zeer...@outlook.com>
Date: Fri Oct 6 19:16:36 2023 +0200
patch 9.0.1995: Invalid memory access with empty 'foldexpr'
Problem: Invalid memory access when 'foldexpr' returns empty string.
Solution: Check for NUL.
closes: #13293
Signed-off-by: Christian Brabandt <c...@256bit.org>
Co-authored-by: zeertzjq <zeer...@outlook.com>
diff --git a/src/eval.c b/src/eval.c
index 19ab01561..a9f7112f2 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -968,7 +968,7 @@ eval_foldexpr(win_T *wp, int *cp)
// If the result is a string, check if there is a non-digit before
// the number.
s = tv.vval.v_string;
- if (!VIM_ISDIGIT(*s) && *s != '-')
+ if (*s != NUL && !VIM_ISDIGIT(*s) && *s != '-')
*cp = *s++;
retval = atol((char *)s);
}
diff --git a/src/testdir/test_fold.vim b/src/testdir/test_fold.vim
index 398a0c2d7..cb29d43d5 100644
--- a/src/testdir/test_fold.vim
+++ b/src/testdir/test_fold.vim
@@ -1769,4 +1769,13 @@ func Test_foldcolumn_linebreak_control_char()
bwipe!
endfunc
+" This used to cause invalid memory access
+func Test_foldexpr_return_empty_string()
+ new
+ setlocal foldexpr='' foldmethod=expr
+ redraw
+
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index 057cae580..ce13dcc77 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1995,
/**/
1994,
/**/
Commit: https://github.com/vim/vim/commit/a991ce9c083bb8c02b1b1ec34ed35728197050f3
Author: zeertzjq <zeer...@outlook.com>
Date: Fri Oct 6 19:16:36 2023 +0200
patch 9.0.1995: Invalid memory access with empty 'foldexpr'
Problem: Invalid memory access when 'foldexpr' returns empty string.
Solution: Check for NUL.
closes: #13293
Signed-off-by: Christian Brabandt <c...@256bit.org>
Co-authored-by: zeertzjq <zeer...@outlook.com>
diff --git a/src/eval.c b/src/eval.c
index 19ab01561..a9f7112f2 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -968,7 +968,7 @@ eval_foldexpr(win_T *wp, int *cp)
// If the result is a string, check if there is a non-digit before
// the number.
s = tv.vval.v_string;
- if (!VIM_ISDIGIT(*s) && *s != '-')
+ if (*s != NUL && !VIM_ISDIGIT(*s) && *s != '-')
*cp = *s++;
retval = atol((char *)s);
}
diff --git a/src/testdir/test_fold.vim b/src/testdir/test_fold.vim
index 398a0c2d7..cb29d43d5 100644
--- a/src/testdir/test_fold.vim
+++ b/src/testdir/test_fold.vim
@@ -1769,4 +1769,13 @@ func Test_foldcolumn_linebreak_control_char()
bwipe!
endfunc
+" This used to cause invalid memory access
+func Test_foldexpr_return_empty_string()
+ new
+ setlocal foldexpr='' foldmethod=expr
+ redraw
+
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index 057cae580..ce13dcc77 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1995,
/**/
1994,
/**/
Reply all
Reply to author
Forward
0 new messages