mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-10-17 23:31:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

mark: Fix out-of-bounds array access when iterating over global marks

Browse Source
This commit is contained in:
ZyX
2015-08-13 23:31:14 +03:00
parent 1a348f8ed8
commit 689390210a
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/nvim/mark.c
View File

@@ -1203,12 +1203,14 @@ const void *mark_global_iter(const void *const iter, char *const name,
const xfmark_T *iter_mark = (iter == NULL const xfmark_T *iter_mark = (iter == NULL
? &(namedfm[0]) ? &(namedfm[0])
: (const xfmark_T *const) iter); : (const xfmark_T *const) iter);
while (!iter_mark->fmark.mark.lnum while ((size_t) (iter_mark - &(namedfm[0])) < ARRAY_SIZE(namedfm)
&& (size_t) (iter_mark - &(namedfm[0])) < ARRAY_SIZE(namedfm)) { && !iter_mark->fmark.mark.lnum) {
iter_mark++; iter_mark++;
} }
if (!iter_mark->fmark.mark.lnum) { if ((size_t) (iter_mark - &(namedfm[0])) == ARRAY_SIZE(namedfm)
*fm = (xfmark_T) {.fmark = {.mark = {.lnum = 0}}}; || !iter_mark->fmark.mark.lnum) {
*fm = (xfmark_T) { .fmark = { .mark = { .lnum = 0 } } };
return NULL;
} }
size_t iter_off = (size_t) (iter_mark - &(namedfm[0])); size_t iter_off = (size_t) (iter_mark - &(namedfm[0]));
*name = (char) (iter_off < NMARKS *name = (char) (iter_off < NMARKS