To: vim-dev@vim.org Subject: Patch 7.2.406 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 7.2.406 Problem: Patch 7.2.119 introduces uninit mem read. (Dominique Pelle) Solution: Only used ScreeenLinesC when ScreeenLinesUC is not zero. (Yukihiro Nakadaira) Also clear ScreeenLinesC when allocating. Files: src/screen.c *** ../vim-7.2.405/src/screen.c 2010-03-23 13:56:53.000000000 +0100 --- src/screen.c 2010-03-23 15:26:44.000000000 +0100 *************** *** 25,34 **** * one character which occupies two display cells. * For UTF-8 a multi-byte character is converted to Unicode and stored in * ScreenLinesUC[]. ScreenLines[] contains the first byte only. For an ASCII ! * character without composing chars ScreenLinesUC[] will be 0. When the ! * character occupies two display cells the next byte in ScreenLines[] is 0. * ScreenLinesC[][] contain up to 'maxcombine' composing characters ! * (drawn on top of the first character). They are 0 when not used. * ScreenLines2[] is only used for euc-jp to store the second byte if the * first byte is 0x8e (single-width character). * --- 25,35 ---- * one character which occupies two display cells. * For UTF-8 a multi-byte character is converted to Unicode and stored in * ScreenLinesUC[]. ScreenLines[] contains the first byte only. For an ASCII ! * character without composing chars ScreenLinesUC[] will be 0 and ! * ScreenLinesC[][] is not used. When the character occupies two display ! * cells the next byte in ScreenLines[] is 0. * ScreenLinesC[][] contain up to 'maxcombine' composing characters ! * (drawn on top of the first character). There is 0 after the last one used. * ScreenLines2[] is only used for euc-jp to store the second byte if the * first byte is 0x8e (single-width character). * *************** *** 4893,4898 **** --- 4894,4900 ---- /* * Return if the composing characters at "off_from" and "off_to" differ. + * Only to be used when ScreenLinesUC[off_from] != 0. */ static int comp_char_differs(off_from, off_to) *************** *** 6281,6286 **** --- 6283,6289 ---- /* * Return TRUE if composing characters for screen posn "off" differs from * composing characters in "u8cc". + * Only to be used when ScreenLinesUC[off] != 0. */ static int screen_comp_differs(off, u8cc) *************** *** 6461,6468 **** && c == 0x8e && ScreenLines2[off] != ptr[1]) || (enc_utf8 ! && (ScreenLinesUC[off] != (u8char_T)(c >= 0x80 ? u8c : 0) ! || screen_comp_differs(off, u8cc))) #endif || ScreenAttrs[off] != attr || exmode_active; --- 6464,6473 ---- && c == 0x8e && ScreenLines2[off] != ptr[1]) || (enc_utf8 ! && (ScreenLinesUC[off] != ! (u8char_T)(c < 0x80 && u8cc[0] == 0 ? 0 : u8c) ! || (ScreenLinesUC[off] != 0 ! && screen_comp_differs(off, u8cc)))) #endif || ScreenAttrs[off] != attr || exmode_active; *************** *** 7542,7548 **** new_ScreenLinesUC = (u8char_T *)lalloc((long_u)( (Rows + 1) * Columns * sizeof(u8char_T)), FALSE); for (i = 0; i < p_mco; ++i) ! new_ScreenLinesC[i] = (u8char_T *)lalloc((long_u)( (Rows + 1) * Columns * sizeof(u8char_T)), FALSE); } if (enc_dbcs == DBCS_JPNU) --- 7547,7553 ---- new_ScreenLinesUC = (u8char_T *)lalloc((long_u)( (Rows + 1) * Columns * sizeof(u8char_T)), FALSE); for (i = 0; i < p_mco; ++i) ! new_ScreenLinesC[i] = (u8char_T *)lalloc_clear((long_u)( (Rows + 1) * Columns * sizeof(u8char_T)), FALSE); } if (enc_dbcs == DBCS_JPNU) *** ../vim-7.2.405/src/version.c 2010-03-23 14:39:07.000000000 +0100 --- src/version.c 2010-03-23 15:34:11.000000000 +0100 *************** *** 683,684 **** --- 683,686 ---- { /* Add new patch number below this line */ + /**/ + 406, /**/ -- VOICE OVER: As the horrendous Black Beast lunged forward, escape for Arthur and his knights seemed hopeless, when, suddenly ... the animator suffered a fatal heart attack. ANIMATOR: Aaaaagh! VOICE OVER: The cartoon peril was no more ... The Quest for Holy Grail could continue. "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ download, build and distribute -- http://www.A-A-P.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///