mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-11-06 10:44:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.0.0104: going beyond allocated memory when evaluating string constant

Browse Source 
Problem:    Going beyond allocated memory when evaluating string constant.
Solution:   Properly skip over <Key> form.

1e56bda904

Co-authored-by: Bram Moolenaar <Bram@vim.org>
This commit is contained in:
zeertzjq
2023-04-15 18:22:44 +08:00
parent 29efd54e02
commit c6ebcd523d
2 changed files with 21 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/nvim/eval.c
View File

@@ -3877,6 +3877,7 @@ static int eval_number(char **arg, typval_T *rettv, bool evaluate, bool want_str
static int eval_string(char **arg, typval_T *rettv, bool evaluate, bool interpolate) static int eval_string(char **arg, typval_T *rettv, bool evaluate, bool interpolate)
{ {
char *p; char *p;
const char *const arg_end = *arg + strlen(*arg);
unsigned int extra = interpolate ? 1 : 0; unsigned int extra = interpolate ? 1 : 0;
const int off = interpolate ? 0 : 1; const int off = interpolate ? 0 : 1;
@@ -3888,7 +3889,20 @@ static int eval_string(char **arg, typval_T *rettv, bool evaluate, bool interpol
// to 9 characters (6 for the char and 3 for a modifier): // to 9 characters (6 for the char and 3 for a modifier):
// reserve space for 5 extra. // reserve space for 5 extra.
if (*p == '<') { if (*p == '<') {
int modifiers = 0;
int flags = FSK_KEYCODE | FSK_IN_STRING;
extra += 5; extra += 5;
// Skip to the '>' to avoid using '{' inside for string
// interpolation.
if (p[1] != '*') {
flags |= FSK_SIMPLIFY;
}
if (find_special_key((const char **)&p, (size_t)(arg_end - p),
&modifiers, flags, NULL) != 0) {
p--; // leave "p" on the ">"
}
} }
} else if (interpolate && (*p == '{' || *p == '}')) { } else if (interpolate && (*p == '{' || *p == '}')) {
if (*p == '{' && p[1] != '{') { // start of expression if (*p == '{' && p[1] != '{') { // start of expression
@@ -3994,7 +4008,8 @@ static int eval_string(char **arg, typval_T *rettv, bool evaluate, bool interpol
if (p[1] != '*') { if (p[1] != '*') {
flags |= FSK_SIMPLIFY; flags |= FSK_SIMPLIFY;
} }
extra = trans_special((const char **)&p, strlen(p), end, flags, false, NULL); extra = trans_special((const char **)&p, (size_t)(arg_end - p),
end, flags, false, NULL);
if (extra != 0) { if (extra != 0) {
end += extra; end += extra;
if (end >= rettv->vval.v_string + len) { if (end >= rettv->vval.v_string + len) {

5
test/old/testdir/test_eval_stuff.vim
View File

@@ -407,4 +407,9 @@ func Test_modified_char_no_escape_special()
nunmap <M-> nunmap <M->
endfunc endfunc
func Test_eval_string_in_special_key()
" this was using the '{' inside <> as the start of an interpolated string
silent! echo 0{1-$"\<S--{>n|%
endfunc
" vim: shiftwidth=2 sts=2 expandtab " vim: shiftwidth=2 sts=2 expandtab