4 From: Bram Moolenaar <Bram@moolenaar.net>
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
11 Problem: Crash with a very long syntax match statement. (Guy Gur Ari)
12 Solution: When the offset does not fit in the two bytes available give an
13 error instead of continuing with invalid pointers.
17 *** ../vim-7.2.306/src/regexp.c 2009-05-15 21:31:11.000000000 +0200
18 --- src/regexp.c 2009-11-25 18:13:03.000000000 +0100
23 static char_u *regcode; /* Code-emit pointer, or JUST_CALC_SIZE */
24 static long regsize; /* Code size. */
25 + static int reg_toolong; /* TRUE when offset out of range */
26 static char_u had_endbrace[NSUBEXP]; /* flags, TRUE if end of () found */
27 static unsigned regflags; /* RF_ flags for prog */
28 static long brace_min[10]; /* Minimums for complex brace repeats */
31 regcomp_start(expr, re_flags);
34 ! if (reg(REG_NOPAREN, &flags) == NULL)
41 regcomp_start(expr, re_flags);
44 ! if (reg(REG_NOPAREN, &flags) == NULL || reg_toolong)
48 + EMSG_RET_NULL(_("E339: Pattern too long"));
58 + reg_toolong = FALSE;
60 #if defined(FEAT_SYN_HL) || defined(PROTO)
66 br = regbranch(&flags);
69 regtail(ret, br); /* BRANCH -> BRANCH. */
70 if (!(flags & HASWIDTH))
74 br = regbranch(&flags);
75 ! if (br == NULL || reg_toolong)
77 regtail(ret, br); /* BRANCH -> BRANCH. */
78 if (!(flags & HASWIDTH))
84 regtail(latest, regnode(END)); /* operand ends */
87 reginsert(MATCH, latest);
94 latest = regpiece(&flags);
97 *flagp |= flags & (HASWIDTH | HASNL | HASLOOKBH);
98 if (chain == NULL) /* First piece. */
102 latest = regpiece(&flags);
103 ! if (latest == NULL || reg_toolong)
105 *flagp |= flags & (HASWIDTH | HASNL | HASLOOKBH);
106 if (chain == NULL) /* First piece. */
109 offset = (int)(scan - val);
111 offset = (int)(val - scan);
112 ! *(scan + 1) = (char_u) (((unsigned)offset >> 8) & 0377);
113 ! *(scan + 2) = (char_u) (offset & 0377);
118 offset = (int)(scan - val);
120 offset = (int)(val - scan);
121 ! /* When the offset uses more than 16 bits it can no longer fit in the two
122 ! * bytes avaliable. Use a global flag to avoid having to check return
123 ! * values in too many places. */
124 ! if (offset > 0xffff)
125 ! reg_toolong = TRUE;
128 ! *(scan + 1) = (char_u) (((unsigned)offset >> 8) & 0377);
129 ! *(scan + 2) = (char_u) (offset & 0377);
139 * regnext - dig the "next" pointer out of a node
140 + * Returns NULL when calculating size, when there is no next item and when
141 + * there is an error.
150 ! if (p == JUST_CALC_SIZE)
158 ! if (p == JUST_CALC_SIZE || reg_toolong)
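Review bot: The guard added in regtail, `if (offset > 0xffff) reg_toolong = TRUE;`, only catches the high side, while `offset` is a signed int taken from a pointer difference on the lines just above it and the two byte stores that follow would silently mis-encode a negative value as well; unless the two direction branches guarantee a non-negative result (they appear to, but their condition is not in the visible lines), `if (offset < 0 || offset > 0xffff)` is the cheaper guard to carry. The new comment also has a typo: `avaliable` should read `available`. The rest of regtail, including whatever handles the size-calculation pass before the stores, begins and ends outside the hunk, and the gutter numbers skip between 125 and 128, so whether the stores are skipped once the flag is set cannot be confirmed from this rendering.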
162 *** ../vim-7.2.306/src/version.c 2009-11-25 17:15:16.000000000 +0100
163 --- src/version.c 2009-11-25 18:14:32.000000000 +0100
167 { /* Add new patch number below this line */
173 The fastest way to get an engineer to solve a problem is to declare that the
174 problem is unsolvable. No engineer can walk away from an unsolvable problem
176 (Scott Adams - The Dilbert principle)
178 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
179 /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
180 \\\ download, build and distribute -- http://www.A-A-P.org ///
181 \\\ help me help AIDS victims -- http://ICCF-Holland.org ///