4 From: Bram Moolenaar <Bram@moolenaar.net>
6 Content-Type: text/plain; charset=ISO-8859-1
7 Content-Transfer-Encoding: 8bit
11 Problem: Using Insure++ reveals a number of bugs. (Dominique Pelle)
12 Solution: Initialize variables where needed. Free allocated memory to avoid
13 leaks. Fix comparing tags to avoid reading past allocated memory.
14 Files: src/buffer.c, src/diff.c, src/fileio.c, src/mark.c, src/misc1.c,
15 src/misc2.c, src/ops.c, src/option.c, src/tag.c, src/ui.c
18 *** ../vim-6.2.186/src/buffer.c Sun Nov 9 20:35:08 2003
19 --- src/buffer.c Thu Jan 15 22:10:02 2004
29 # if defined(FEAT_LISTCMDS) || defined(PROTO)
30 *** ../vim-6.2.186/src/diff.c Sun Oct 27 19:28:04 2002
31 --- src/diff.c Fri Jan 16 11:52:11 2004
35 curbuf = curwin->w_buffer;
36 set_string_option_direct((char_u *)"fdm", -1, (char_u *)"diff",
39 curbuf = curwin->w_buffer;
43 curbuf = curwin->w_buffer;
44 set_string_option_direct((char_u *)"fdm", -1, (char_u *)"diff",
45 ! OPT_LOCAL|OPT_FREE);
47 curbuf = curwin->w_buffer;
49 *** ../vim-6.2.186/src/fileio.c Fri Jan 9 14:33:14 2004
50 --- src/fileio.c Thu Jan 15 22:07:40 2004
54 #if defined(UNIX) && !defined(ARCHIE)
55 /* When using ":w!" and the file was read-only: make it writable */
56 ! if (forceit && st_old.st_uid == getuid() && perm >= 0 && !(perm & 0200)
57 && vim_strchr(p_cpo, CPO_FWRITE) == NULL)
62 #if defined(UNIX) && !defined(ARCHIE)
63 /* When using ":w!" and the file was read-only: make it writable */
64 ! if (forceit && perm >= 0 && !(perm & 0200) && st_old.st_uid == getuid()
65 && vim_strchr(p_cpo, CPO_FWRITE) == NULL)
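Review bot: The operand order in the new condition is load-bearing, but nothing in the code says so. `st_old.st_uid` is now read only after `perm >= 0` has passed, which presumably is what keeps an unfilled `st_old` from being compared with `getuid()`. A later tidy-up could move the operands back without any visible symptom, so a comment above the `if` such as `/* test perm >= 0 first: st_old is only valid when the stat succeeded */` would pin the order. The body of the `if` and the rest of the enclosing function lie outside the visible lines.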
68 *** ../vim-6.2.186/src/mark.c Sat Sep 27 19:36:47 2003
69 --- src/mark.c Fri Jan 16 11:56:14 2004
72 name = buflist_nr2name(fm->fmark.fnum, TRUE, FALSE);
74 name = fm->fname; /* use name from .viminfo */
75 ! if (name == NULL || *name == NUL)
78 ! fprintf(fp, "%c%c %ld %ld ", c1, c2, (long)fm->fmark.mark.lnum,
79 (long)fm->fmark.mark.col);
80 ! viminfo_writestring(fp, name);
81 if (fm->fmark.fnum != 0)
85 name = buflist_nr2name(fm->fmark.fnum, TRUE, FALSE);
87 name = fm->fname; /* use name from .viminfo */
88 ! if (name != NULL && *name != NUL)
90 ! fprintf(fp, "%c%c %ld %ld ", c1, c2, (long)fm->fmark.mark.lnum,
91 (long)fm->fmark.mark.col);
92 ! viminfo_writestring(fp, name);
95 if (fm->fmark.fnum != 0)
98 *** ../vim-6.2.186/src/misc1.c Sun Jan 18 20:15:02 2004
99 --- src/misc1.c Sun Jan 18 16:07:34 2004
103 curwin->w_cursor.coladd = 0;
105 ins_bytes(p_extra); /* will call changed_bytes() */
110 *** ../vim-6.2.186/src/misc2.c Sat Sep 27 19:36:47 2003
111 --- src/misc2.c Fri Jan 16 15:19:08 2004
115 int keycode; /* prefer key code, e.g. K_DEL instead of DEL */
123 int keycode; /* prefer key code, e.g. K_DEL instead of DEL */
135 + #ifdef FEAT_PATH_EXTRA
136 + vim_free(vl->ffv_wc_path);
141 *** ../vim-6.2.186/src/ops.c Sun Oct 12 16:56:43 2003
142 --- src/ops.c Thu Jan 15 22:30:37 2004
149 mch_memmove(s, y_ptr->y_array[lnum], (size_t)extra);
150 vim_free(y_ptr->y_array[lnum]);
153 mch_memmove(s + extra, str + start, (size_t)i);
159 mch_memmove(s, y_ptr->y_array[lnum], (size_t)extra);
161 vim_free(y_ptr->y_array[lnum]);
163 mch_memmove(s + extra, str + start, (size_t)i);
165 *** ../vim-6.2.186/src/option.c Sun Oct 26 20:19:23 2003
166 --- src/option.c Thu Jan 15 22:03:06 2004
172 --arg; /* put arg at the '<' */
174 key = find_special_key(&arg, &modifiers, TRUE);
175 if (modifiers) /* can't handle modifiers here */
177 *** ../vim-6.2.186/src/tag.c Mon Dec 29 19:48:35 2003
178 --- src/tag.c Sun Jan 18 13:05:42 2004
182 int is_etag; /* current file is emaces style */
187 + int len; /* nr of chars of match[] to be compared */
188 + char_u match[1]; /* actually longer */
190 garray_T ga_match[MT_COUNT];
191 int match_count = 0; /* number of matches found */
197 for (mtt = 0; mtt < MT_COUNT; ++mtt)
198 ! ga_init2(&ga_match[mtt], (int)sizeof(char_u *), 100);
200 /* check for out of memory situation */
201 if (lbuf == NULL || tag_fname == NULL
205 for (mtt = 0; mtt < MT_COUNT; ++mtt)
206 ! ga_init2(&ga_match[mtt], (int)sizeof(struct match_found *), 100);
208 /* check for out of memory situation */
209 if (lbuf == NULL || tag_fname == NULL
212 cc = *tagp.tagname_end;
213 *tagp.tagname_end = NUL;
214 match = vim_regexec(®match, tagp.tagname, (colnr_T)0);
215 ! matchoff = (int)(regmatch.startp[0] - tagp.tagname);
216 ! if (match && regmatch.rm_ic)
218 ! regmatch.rm_ic = FALSE;
219 ! match_no_ic = vim_regexec(®match, tagp.tagname,
221 ! regmatch.rm_ic = TRUE;
223 *tagp.tagname_end = cc;
226 cc = *tagp.tagname_end;
227 *tagp.tagname_end = NUL;
228 match = vim_regexec(®match, tagp.tagname, (colnr_T)0);
231 ! matchoff = (int)(regmatch.startp[0] - tagp.tagname);
232 ! if (regmatch.rm_ic)
234 ! regmatch.rm_ic = FALSE;
235 ! match_no_ic = vim_regexec(®match, tagp.tagname,
237 ! regmatch.rm_ic = TRUE;
240 *tagp.tagname_end = cc;
249 + * Add the found match in ga_match[mtt], avoiding duplicates.
250 + * Store the info we need later, which depends on the kind of
251 + * tags we are dealing with.
253 if (ga_grow(&ga_match[mtt], 1) == OK)
259 *tagp.tagname_end = NUL;
260 len = (int)(tagp.tagname_end - tagp.tagname);
261 ! p = vim_strnsave(tagp.tagname, len + 10);
263 sprintf((char *)p + len + 1, "%06d",
264 help_heuristic(tagp.tagname,
265 match_re ? matchoff : 0, !match_no_ic));
266 *tagp.tagname_end = TAB;
267 - ++len; /* compare one more char */
275 char_u *temp_end = tagp.command;
277 ! if ((*temp_end) == '/')
278 ! while ( *temp_end && (*temp_end != '\r')
279 ! && (*temp_end != '\n')
280 ! && (*temp_end != '$'))
283 ! if ((tagp.command + 2) < temp_end)
285 len = (int)(temp_end - tagp.command - 2);
286 ! p = vim_strnsave(tagp.command + 2, len);
288 get_it_again = FALSE;
292 len = (int)(tagp.tagname_end - tagp.tagname);
293 ! p = vim_strnsave(tagp.tagname, len);
294 ! /* if wanted, re-read line to get long form too*/
296 get_it_again = p_sft;
298 - ++len; /* compare one more char */
304 *tagp.tagname_end = NUL;
305 len = (int)(tagp.tagname_end - tagp.tagname);
306 ! mfp = (struct match_found *)
307 ! alloc(sizeof(struct match_found) + len + 10);
310 ! mfp->len = len + 1; /* also compare the NUL */
312 ! STRCPY(p, tagp.tagname);
313 sprintf((char *)p + len + 1, "%06d",
314 help_heuristic(tagp.tagname,
315 match_re ? matchoff : 0, !match_no_ic));
317 *tagp.tagname_end = TAB;
323 char_u *temp_end = tagp.command;
325 ! if (*temp_end == '/')
326 ! while (*temp_end && *temp_end != '\r'
327 ! && *temp_end != '\n'
328 ! && *temp_end != '$')
331 ! if (tagp.command + 2 < temp_end)
333 len = (int)(temp_end - tagp.command - 2);
334 ! mfp = (struct match_found *)
335 ! alloc(sizeof(struct match_found) + len);
338 ! mfp->len = len + 1; /* include the NUL */
340 ! STRNCPY(p, tagp.command + 2, len);
346 get_it_again = FALSE;
350 len = (int)(tagp.tagname_end - tagp.tagname);
351 ! mfp = (struct match_found *)
352 ! alloc(sizeof(struct match_found) + len);
355 ! mfp->len = len + 1; /* include the NUL */
357 ! STRNCPY(p, tagp.tagname, len);
361 ! /* if wanted, re-read line to get long form too */
363 get_it_again = p_sft;
377 STRCPY(p + 1, tag_fname);
378 #ifdef BACKSLASH_IN_FILENAME
383 ! mfp = (struct match_found *)
384 ! alloc(sizeof(struct match_found) + len);
390 STRCPY(p + 1, tag_fname);
391 #ifdef BACKSLASH_IN_FILENAME
400 * Don't add identical matches.
408 * Don't add identical matches.
412 for (i = ga_match[mtt].ga_len; --i >= 0 && !got_int; )
415 ! ((char_u **)(ga_match[mtt].ga_data))[i],
416 ! p, (size_t)len) == 0)
422 ! ((char_u **)(ga_match[mtt].ga_data))
423 ! [ga_match[mtt].ga_len++] = p;
424 ga_match[mtt].ga_room--;
431 else /* Out of memory! Just forget about the rest. */
434 for (i = ga_match[mtt].ga_len; --i >= 0 && !got_int; )
436 ! mfp2 = ((struct match_found **)
437 ! (ga_match[mtt].ga_data))[i];
438 ! if (mfp2->len == mfp->len
439 ! && vim_memcmp(mfp2->match, mfp->match,
440 ! (size_t)mfp->len) == 0)
446 ! ((struct match_found **)(ga_match[mtt].ga_data))
447 ! [ga_match[mtt].ga_len++] = mfp;
448 ga_match[mtt].ga_room--;
455 else /* Out of memory! Just forget about the rest. */
459 for (i = 0; i < ga_match[mtt].ga_len; ++i)
461 ! p = ((char_u **)(ga_match[mtt].ga_data))[i];
465 ! matches[match_count++] = p;
467 ga_clear(&ga_match[mtt]);
471 for (i = 0; i < ga_match[mtt].ga_len; ++i)
473 ! mfp = ((struct match_found **)(ga_match[mtt].ga_data))[i];
478 ! /* To avoid allocating memory again we turn the struct
479 ! * match_found into a string. For help the priority was not
480 ! * included in the length. */
481 ! mch_memmove(mfp, mfp->match,
482 ! (size_t)(mfp->len + (help_only ? 9 : 0)));
483 ! matches[match_count++] = (char_u *)mfp;
486 ga_clear(&ga_match[mtt]);
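Review bot: The help-tag path sizes its buffer with bare constants that are tied to the `sprintf` format only by arithmetic: `alloc(sizeof(struct match_found) + len + 10)`, the `"%06d"` format, and later `mfp->len + (help_only ? 9 : 0)` in the `mch_memmove` that flattens the struct into a string. `%06d` is a minimum width, not a maximum, so the write stays inside the allocation only while `help_heuristic()` returns a value of few enough digits; its range is not visible here. A named constant for the priority field shared by the three sites, with a comment like `/* priority: 6 digits + NUL, written by sprintf below */`, would keep them from drifting apart. The `char_u match[1]; /* actually longer */` declaration could also say that the one declared byte is what leaves room for the terminating NUL in the plain `+ len` allocations, since `mfp->len = len + 1` depends on it.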
488 *** ../vim-6.2.186/src/ui.c Sat Sep 27 19:36:47 2003
489 --- src/ui.c Thu Jan 15 22:16:00 2004
495 * Restore the input buffer with a pointer returned from get_input_buf().
496 + * The allocated memory is freed, this only works once!
503 garray_T *gap = (garray_T *)p;
505 ! if (gap != NULL && gap->ga_data != NULL)
507 ! mch_memmove(inbuf, gap->ga_data, gap->ga_len);
508 ! inbufcount = gap->ga_len;
514 garray_T *gap = (garray_T *)p;
518 ! if (gap->ga_data != NULL)
520 ! mch_memmove(inbuf, gap->ga_data, gap->ga_len);
521 ! inbufcount = gap->ga_len;
522 ! vim_free(gap->ga_data);
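Review bot: The one-shot contract introduced here is stated only in the added comment line `The allocated memory is freed, this only works once!`. Nothing in the visible code stops a caller from passing the same pointer a second time, and that call would read `gap->ga_data` from memory already handed to `vim_free()` and then free it again. Because the argument is passed by value the function cannot clear the caller's copy, so the header comment should spell out the obligation, e.g. `* The caller must not use "p" again after this call.` Whether the old `gap != NULL` test survives in the lines omitted between the declaration and `if (gap->ga_data != NULL)` cannot be seen here; if it does not, a NULL result from get_input_buf() would be dereferenced.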
528 *** ../vim-6.2.186/src/version.c Sun Jan 18 20:50:42 2004
529 --- src/version.c Sun Jan 18 20:52:09 2004
533 { /* Add new patch number below this line */
539 ARTHUR: I did say sorry about the `old woman,' but from the behind you
541 DENNIS: What I object to is you automatically treat me like an inferior!
542 ARTHUR: Well, I AM king...
543 The Quest for the Holy Grail (Monty Python)
545 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
546 /// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
547 \\\ Project leader for A-A-P -- http://www.A-A-P.org ///
548 \\\ Help AIDS victims, buy here: http://ICCF-Holland.org/click1.html ///