mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-12 06:18:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:8.0.1421: accessing invalid memory with overlong byte sequence

Browse Source 
Problem:    Accessing invalid memory with overlong byte sequence.
Solution:   Check for NUL character. (test by Dominique Pelle, closes vim/vim#2485)
e6640ad44e
This commit is contained in:
Jan Edmund Lazo
2018-08-09 00:51:40 -04:00
parent a445887985
commit 4420dc3067
2 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/nvim/strings.c
View File

@@ -344,14 +344,17 @@ char *strcase_save(const char *const orig, bool upper)
char *p = res;
while (*p != NUL) {
int l;
int c = utf_ptr2char((const char_u *)p);
int l = utf_ptr2len((const char_u *)p);
if (c == 0) {
// overlong sequence, use only the first byte
c = *p;
l = 1;
}
int uc = upper ? mb_toupper(c) : mb_tolower(c);
// Reallocate string when byte count changes. This is rare,
// thus it's OK to do another malloc()/free().
l = utf_ptr2len((const char_u *)p);
int newl = utf_char2len(uc);
if (newl != l) {
// TODO(philix): use xrealloc() in strup_save()