From bdfca2028b69e054eaee2b97e6bbfc955a29e76a Mon Sep 17 00:00:00 2001 From: VVKot Date: Sun, 19 Dec 2021 19:43:50 +0000 Subject: [PATCH 1/2] vim-patch:8.2.3850: illegal memory access when displaying a partial Problem: Illegal memory access when displaying a partial. Solution: Terminate the string with a NUL. (closes vim/vim#9371) https://github.com/vim/vim/commit/2de5371a755abd287dab6ff544924715a76d4abe --- src/nvim/testdir/test_messages.vim | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/nvim/testdir/test_messages.vim b/src/nvim/testdir/test_messages.vim index 2140fe21ea..4ba9d28868 100644 --- a/src/nvim/testdir/test_messages.vim +++ b/src/nvim/testdir/test_messages.vim @@ -108,3 +108,11 @@ func Test_echospace() set ruler& showcmd& endfunc + +" this was missing a terminating NUL +func Test_echo_string_partial() + function CountSpaces() + endfunction + echomsg function('CountSpaces', [#{aaaaaaaaaaa: v:false, bbbbbbbbbbbb: '', ccccccccccc: ['ab', 'cd']}]) +endfunc + From 6f72236a001d3b9d4780235ba620c8a1e04f88c9 Mon Sep 17 00:00:00 2001 From: VVKot Date: Sun, 19 Dec 2021 19:49:03 +0000 Subject: [PATCH 2/2] vim-patch:8.2.3855: illegal memory access when displaying a blob Problem: Illegal memory access when displaying a blob. Solution: Append a NUL at the end. (Yegappan Lakshmanan, closes vim/vim#9372) https://github.com/vim/vim/commit/bc404bfb32cf2bef34050d2aeae0ea72ccf980cc --- src/nvim/regexp_nfa.c | 6 +++--- src/nvim/testdir/test_blob.vim | 8 ++++++++ src/nvim/testdir/test_messages.vim | 2 +- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/src/nvim/regexp_nfa.c b/src/nvim/regexp_nfa.c index eac1b4596e..41c927eaa6 100644 --- a/src/nvim/regexp_nfa.c +++ b/src/nvim/regexp_nfa.c @@ -2565,20 +2565,20 @@ static void nfa_print_state2(FILE *debugf, nfa_state_T *state, garray_T *indent) ga_concat(indent, (char_u *)"| "); else ga_concat(indent, (char_u *)" "); - ga_append(indent, '\0'); + ga_append(indent, NUL); nfa_print_state2(debugf, state->out, indent); /* replace last part of indent for state->out1 */ indent->ga_len -= 3; ga_concat(indent, (char_u *)" "); - ga_append(indent, '\0'); + ga_append(indent, NUL); nfa_print_state2(debugf, state->out1, indent); /* shrink indent */ indent->ga_len -= 3; - ga_append(indent, '\0'); + ga_append(indent, NUL); } /* diff --git a/src/nvim/testdir/test_blob.vim b/src/nvim/testdir/test_blob.vim index 20758b0c0a..af42b3857d 100644 --- a/src/nvim/testdir/test_blob.vim +++ b/src/nvim/testdir/test_blob.vim @@ -346,4 +346,12 @@ func Test_blob_sort() endif endfunc +" The following used to cause an out-of-bounds memory access +func Test_blob2string() + let v = '0z' .. repeat('01010101.', 444) + let v ..= '01' + exe 'let b = ' .. v + call assert_equal(v, string(b)) +endfunc + " vim: shiftwidth=2 sts=2 expandtab diff --git a/src/nvim/testdir/test_messages.vim b/src/nvim/testdir/test_messages.vim index 4ba9d28868..e0286548d9 100644 --- a/src/nvim/testdir/test_messages.vim +++ b/src/nvim/testdir/test_messages.vim @@ -113,6 +113,6 @@ endfunc func Test_echo_string_partial() function CountSpaces() endfunction - echomsg function('CountSpaces', [#{aaaaaaaaaaa: v:false, bbbbbbbbbbbb: '', ccccccccccc: ['ab', 'cd']}]) + call assert_equal("function('CountSpaces', [{'ccccccccccc': ['ab', 'cd'], 'aaaaaaaaaaa': v:false, 'bbbbbbbbbbbb': ''}])", string(function('CountSpaces', [#{aaaaaaaaaaa: v:false, bbbbbbbbbbbb: '', ccccccccccc: ['ab', 'cd']}]))) endfunc