Commit: patch 9.1.0701: crash with NFA regex engine when searching for composing chars
8 views
Skip to first unread message
Christian Brabandt
Aug 28, 2024, 5:30:09 PM8/28/24
to vim...@googlegroups.com
patch 9.1.0701: crash with NFA regex engine when searching for composing chars
Commit: https://github.com/vim/vim/commit/c3a02d78bd7a4622e85af348b24fb1388d160de1
Author: Christian Brabandt <c...@256bit.org>
Date: Wed Aug 28 23:17:52 2024 +0200
patch 9.1.0701: crash with NFA regex engine when searching for composing chars
Problem: crash with NFA regex engine when searching for composing chars
(SuyueGuo)
Solution: When there is no composing character, break out of the loop
and check that out1 state is not null
fixes: #15583
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
index 6db413462..557d0e1aa 100644
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -6525,7 +6525,8 @@ nfa_regmatch(
else
result = FAIL;
- if (t->state->out->out1->c == NFA_END_COMPOSING)
+ if (t->state->out->out1 != NULL
+ && t->state->out->out1->c == NFA_END_COMPOSING)
{
end = t->state->out->out1;
ADD_STATE_IF_MATCH(end);
diff --git a/src/testdir/crash/nullptr_regexp_nfa b/src/testdir/crash/nullptr_regexp_nfa
new file mode 100644
index 0000000000000000000000000000000000000000..6b2edc62a36f64d27231ae5eb2b7959cbcbd4510
GIT binary patch
literal 429
zcmdPXOU-=29HYRM_rF-!!rab}t2i?!HLpZ5FTW^veGtn_ku%$XK!B?_zeu69NPz*U
zFeN6rw5UABGA1w8p*U5+p(Z+w%L>Ry%}dTt$;?Z)HA<>1N!2YaNz*knQ%F_NHB`_x
zH2lvM&k&Z%6=lekQ_R4Xq74HL|8*NC0Xdm7E%WkAbQ5(;Qj2nvBqZb+u$aq*9RN)%
zQ+Sxd=bV{l85>iRR+^_}k(61Yn{U9C*wE^n6vNF`W*HT2pqnU`sFfU}9aCdrpbJu&
zXdV|+6Qk<v;p*(|?C%@kAL{24<Qnkqo#4B7jPKsPtAXlCiUD%oz01o~tu0PTNl8u1
zjscni3@C6=WaepuxTuDvLJZBwNd?M8XBFq?Ez&x(KuiChKw?pP4j&&ID1;Mps;fY5
WLN(t|8)O>LYLF9i!TJqyfqVegnUWg-
literal 0
HcmV?d00001
diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim
index e741a18b4..bfd04ff10 100644
--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim
@@ -228,6 +228,11 @@ func Test_crash1_3()
call term_sendkeys(buf, args)
call TermWait(buf, 50)
+ let file = 'crash/nullptr_regexp_nfa'
+ let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+ let args = printf(cmn_args, vim, file)
+ call term_sendkeys(buf, args)
+ call TermWait(buf, 50)
" clean up
exe buf .. "bw!"
diff --git a/src/version.c b/src/version.c
index 59bd3fcdc..5dfb313d2 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 701,
/**/
700,
/**/
Commit: https://github.com/vim/vim/commit/c3a02d78bd7a4622e85af348b24fb1388d160de1
Author: Christian Brabandt <c...@256bit.org>
Date: Wed Aug 28 23:17:52 2024 +0200
patch 9.1.0701: crash with NFA regex engine when searching for composing chars
Problem: crash with NFA regex engine when searching for composing chars
(SuyueGuo)
Solution: When there is no composing character, break out of the loop
and check that out1 state is not null
fixes: #15583
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
index 6db413462..557d0e1aa 100644
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -6525,7 +6525,8 @@ nfa_regmatch(
else
result = FAIL;
- if (t->state->out->out1->c == NFA_END_COMPOSING)
+ if (t->state->out->out1 != NULL
+ && t->state->out->out1->c == NFA_END_COMPOSING)
{
end = t->state->out->out1;
ADD_STATE_IF_MATCH(end);
diff --git a/src/testdir/crash/nullptr_regexp_nfa b/src/testdir/crash/nullptr_regexp_nfa
new file mode 100644
index 0000000000000000000000000000000000000000..6b2edc62a36f64d27231ae5eb2b7959cbcbd4510
GIT binary patch
literal 429
zcmdPXOU-=29HYRM_rF-!!rab}t2i?!HLpZ5FTW^veGtn_ku%$XK!B?_zeu69NPz*U
zFeN6rw5UABGA1w8p*U5+p(Z+w%L>Ry%}dTt$;?Z)HA<>1N!2YaNz*knQ%F_NHB`_x
zH2lvM&k&Z%6=lekQ_R4Xq74HL|8*NC0Xdm7E%WkAbQ5(;Qj2nvBqZb+u$aq*9RN)%
zQ+Sxd=bV{l85>iRR+^_}k(61Yn{U9C*wE^n6vNF`W*HT2pqnU`sFfU}9aCdrpbJu&
zXdV|+6Qk<v;p*(|?C%@kAL{24<Qnkqo#4B7jPKsPtAXlCiUD%oz01o~tu0PTNl8u1
zjscni3@C6=WaepuxTuDvLJZBwNd?M8XBFq?Ez&x(KuiChKw?pP4j&&ID1;Mps;fY5
WLN(t|8)O>LYLF9i!TJqyfqVegnUWg-
literal 0
HcmV?d00001
diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim
index e741a18b4..bfd04ff10 100644
--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim
@@ -228,6 +228,11 @@ func Test_crash1_3()
call term_sendkeys(buf, args)
call TermWait(buf, 50)
+ let file = 'crash/nullptr_regexp_nfa'
+ let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+ let args = printf(cmn_args, vim, file)
+ call term_sendkeys(buf, args)
+ call TermWait(buf, 50)
" clean up
exe buf .. "bw!"
diff --git a/src/version.c b/src/version.c
index 59bd3fcdc..5dfb313d2 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 701,
/**/
700,
/**/
Reply all
Reply to author
Forward
0 new messages