To: vim_dev@googlegroups.com
Subject: Patch 9.0.1070
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 9.0.1070 (after 9.0.1068)
Problem:    Reading beyond array size.
Solution:   Only use name[0] and name[1], do not use "name" as a string.
Files:      src/term.c


*** ../vim-9.0.1069/src/term.c	2022-12-17 13:49:10.650887618 +0000
--- src/term.c	2022-12-17 15:34:56.322705062 +0000
***************
*** 4389,4395 ****
  #define ATC_FROM_TERM 55
  
  /*
!  * Add a new entry to the list of terminal codes.
   * The list is kept alphabetical for ":set termcap"
   * "flags" is TRUE when replacing 7-bit by 8-bit controls is desired.
   * "flags" can also be ATC_FROM_TERM for got_code_from_term().
--- 4389,4396 ----
  #define ATC_FROM_TERM 55
  
  /*
!  * Add a new entry for "name[2]" to the list of terminal codes.
!  * Note that "name" may not have a terminating NUL.
   * The list is kept alphabetical for ":set termcap"
   * "flags" is TRUE when replacing 7-bit by 8-bit controls is desired.
   * "flags" can also be ATC_FROM_TERM for got_code_from_term().
***************
*** 4497,4503 ****
  		    {
  			// They are equal but for the ";*": don't add it.
  #ifdef FEAT_EVAL
! 			ch_log(NULL, "Termcap entry %s did not change", name);
  #endif
  			vim_free(s);
  			return;
--- 4498,4505 ----
  		    {
  			// They are equal but for the ";*": don't add it.
  #ifdef FEAT_EVAL
! 			ch_log(NULL, "Termcap entry %c%c did not change",
! 							     name[0], name[1]);
  #endif
  			vim_free(s);
  			return;
***************
*** 4507,4514 ****
  		{
  		    // Replace old code.
  #ifdef FEAT_EVAL
! 		    ch_log(NULL, "Termcap entry %s was: %s",
! 						      name, termcodes[i].code);
  #endif
  		    vim_free(termcodes[i].code);
  		    --tc_len;
--- 4509,4516 ----
  		{
  		    // Replace old code.
  #ifdef FEAT_EVAL
! 		    ch_log(NULL, "Termcap entry %c%c was: %s",
! 					  name[0], name[1], termcodes[i].code);
  #endif
  		    vim_free(termcodes[i].code);
  		    --tc_len;
***************
*** 4528,4534 ****
      }
  
  #ifdef FEAT_EVAL
!     ch_log(NULL, "%s termcap entry %s to %s", action, name, s);
  #endif
      termcodes[i].name[0] = name[0];
      termcodes[i].name[1] = name[1];
--- 4530,4536 ----
      }
  
  #ifdef FEAT_EVAL
!     ch_log(NULL, "%s termcap entry %c%c to %s", action, name[0], name[1], s);
  #endif
      termcodes[i].name[0] = name[0];
      termcodes[i].name[1] = name[1];
*** ../vim-9.0.1069/src/version.c	2022-12-17 15:02:58.651353771 +0000
--- src/version.c	2022-12-17 15:33:49.778785846 +0000
***************
*** 697,698 ****
--- 697,700 ----
  {   /* Add new patch number below this line */
+ /**/
+     1070,
  /**/

-- 
GUARD #1:  Where'd you get the coconut?
ARTHUR:    We found them.
GUARD #1:  Found them?  In Mercea?  The coconut's tropical!
ARTHUR:    What do you mean?
GUARD #1:  Well, this is a temperate zone.
                                  The Quest for the Holy Grail (Monty Python)

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///