Commit: patch 9.2.0168: invalid pointer casting in string_convert() arguments
2 views
Skip to first unread message
Christian Brabandt
Mar 15, 2026, 5:17:03 AM (8 days ago) Mar 15
to vim...@googlegroups.com
patch 9.2.0168: invalid pointer casting in string_convert() arguments
Commit: https://github.com/vim/vim/commit/b00f441e69f8b42baa7b3e9ee976d56e038b5995
Author: James McCoy <jame...@debian.org>
Date: Sun Mar 15 08:58:11 2026 +0000
patch 9.2.0168: invalid pointer casting in string_convert() arguments
Problem: invalid pointer casting in string_convert() arguments
Solution: Use a temporary local int variable (James McCoy)
string_convert()/string_convert_ext() accept an "int *lenp" parameter,
however a few call sites were taking the address of a possibly larger
type (long, size_t) and casting it as an int * when calling these
functions.
On big-endian platforms, this passes the (likely) zeroed high bytes of
the known length through to string_convert(). This indicates it received
an empty string and returns an allocated empty string rather than
converting the input. This is exhibited by test failures like
From test_blob.vim:
Found errors in Test_blob2str_multi_byte_encodings():
command line..script src/testdir/runtest.vim[636]..function RunTheTest[63]..Test_blob2str_multi_byte_encodings line 2: Expected ['Hello'] but got ['']
command line..script src/testdir/runtest.vim[636]..function RunTheTest[63]..Test_blob2str_multi_byte_encodings line 3: Expected ['Hello'] but got ['']
command line..script srctestdir/runtest.vim[636]..function RunTheTest[63]..Test_blob2str_multi_byte_encodings line 6: Expected ['Hello'] but got ['']
Instead, use a temporary local int variable as the in/out variable for
string_convert() and assign the result back to the larger typed length
variable post-conversion.
closes: #19672
Signed-off-by: James McCoy <jame...@debian.org>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/os_mac_conv.c b/src/os_mac_conv.c
index c9b349ca2..8cfce972a 100644
--- a/src/os_mac_conv.c
+++ b/src/os_mac_conv.c
@@ -354,7 +354,9 @@ mac_utf16_to_enc(
}
else
{
- result = string_convert(&conv, utf8_str, (int *)&utf8_len);
+ int len = utf8_len
+ result = string_convert(&conv, utf8_str, &len);
+ utf8_len = len;
vim_free(utf8_str);
}
diff --git a/src/strings.c b/src/strings.c
index c5e07590c..009285453 100644
--- a/src/strings.c
+++ b/src/strings.c
@@ -1218,8 +1218,9 @@ convert_string(string_T *str, char_u *from, char_u *to, string_T *ret)
}
else
{
- ret->length = str->length;
- ret->string = string_convert(&vimconv, str->string, (int *)&ret->length);
+ int len = str->length;
+ ret->string = string_convert(&vimconv, str->string, &len);
+ ret->length = len;
}
convert_setup(&vimconv, NULL, NULL);
@@ -1505,9 +1506,10 @@ f_blob2str(typval_T *argvars, typval_T *rettv)
// Use string_convert_ext with explicit input length
string_T converted;
- converted.length = blen;
+ int len = blen;
converted.string =
- string_convert_ext(&vimconv, (char_u *)blob_ga.ga_data, (int *)&converted.length, NULL);
+ string_convert_ext(&vimconv, (char_u *)blob_ga.ga_data, &len, NULL);
+ converted.length = len;
convert_setup(&vimconv, NULL, NULL);
ga_clear(&blob_ga);
append_converted_string_to_list(&converted, validate_utf8, rettv->vval.v_list, from_encoding);
diff --git a/src/version.c b/src/version.c
index 74d4b6cd4..6fa0448dc 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 168,
/**/
167,
/**/
Commit: https://github.com/vim/vim/commit/b00f441e69f8b42baa7b3e9ee976d56e038b5995
Author: James McCoy <jame...@debian.org>
Date: Sun Mar 15 08:58:11 2026 +0000
patch 9.2.0168: invalid pointer casting in string_convert() arguments
Problem: invalid pointer casting in string_convert() arguments
Solution: Use a temporary local int variable (James McCoy)
string_convert()/string_convert_ext() accept an "int *lenp" parameter,
however a few call sites were taking the address of a possibly larger
type (long, size_t) and casting it as an int * when calling these
functions.
On big-endian platforms, this passes the (likely) zeroed high bytes of
the known length through to string_convert(). This indicates it received
an empty string and returns an allocated empty string rather than
converting the input. This is exhibited by test failures like
From test_blob.vim:
Found errors in Test_blob2str_multi_byte_encodings():
command line..script src/testdir/runtest.vim[636]..function RunTheTest[63]..Test_blob2str_multi_byte_encodings line 2: Expected ['Hello'] but got ['']
command line..script src/testdir/runtest.vim[636]..function RunTheTest[63]..Test_blob2str_multi_byte_encodings line 3: Expected ['Hello'] but got ['']
command line..script srctestdir/runtest.vim[636]..function RunTheTest[63]..Test_blob2str_multi_byte_encodings line 6: Expected ['Hello'] but got ['']
Instead, use a temporary local int variable as the in/out variable for
string_convert() and assign the result back to the larger typed length
variable post-conversion.
closes: #19672
Signed-off-by: James McCoy <jame...@debian.org>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/os_mac_conv.c b/src/os_mac_conv.c
index c9b349ca2..8cfce972a 100644
--- a/src/os_mac_conv.c
+++ b/src/os_mac_conv.c
@@ -354,7 +354,9 @@ mac_utf16_to_enc(
}
else
{
- result = string_convert(&conv, utf8_str, (int *)&utf8_len);
+ int len = utf8_len
+ result = string_convert(&conv, utf8_str, &len);
+ utf8_len = len;
vim_free(utf8_str);
}
diff --git a/src/strings.c b/src/strings.c
index c5e07590c..009285453 100644
--- a/src/strings.c
+++ b/src/strings.c
@@ -1218,8 +1218,9 @@ convert_string(string_T *str, char_u *from, char_u *to, string_T *ret)
}
else
{
- ret->length = str->length;
- ret->string = string_convert(&vimconv, str->string, (int *)&ret->length);
+ int len = str->length;
+ ret->string = string_convert(&vimconv, str->string, &len);
+ ret->length = len;
}
convert_setup(&vimconv, NULL, NULL);
@@ -1505,9 +1506,10 @@ f_blob2str(typval_T *argvars, typval_T *rettv)
// Use string_convert_ext with explicit input length
string_T converted;
- converted.length = blen;
+ int len = blen;
converted.string =
- string_convert_ext(&vimconv, (char_u *)blob_ga.ga_data, (int *)&converted.length, NULL);
+ string_convert_ext(&vimconv, (char_u *)blob_ga.ga_data, &len, NULL);
+ converted.length = len;
convert_setup(&vimconv, NULL, NULL);
ga_clear(&blob_ga);
append_converted_string_to_list(&converted, validate_utf8, rettv->vval.v_list, from_encoding);
diff --git a/src/version.c b/src/version.c
index 74d4b6cd4..6fa0448dc 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 168,
/**/
167,
/**/
Reply all
Reply to author
Forward
0 new messages