To: vim_dev@googlegroups.com Subject: Patch 9.0.1532 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.1532 Problem: Crash when expanding "~" in substitute causes very long text. Solution: Limit the text length to MAXCOL. Files: src/regexp.c, src/testdir/test_substitute.vim *** ../vim-9.0.1531/src/regexp.c 2023-03-12 21:20:51.441254187 +0000 --- src/regexp.c 2023-05-09 20:56:52.117482566 +0100 *************** *** 1767,1776 **** regtilde(char_u *source, int magic) { char_u *newsub = source; - char_u *tmpsub; char_u *p; - int len; - int prevlen; for (p = newsub; *p; ++p) { --- 1767,1773 ---- *************** *** 1779,1802 **** if (reg_prev_sub != NULL) { // length = len(newsub) - 1 + len(prev_sub) + 1 ! prevlen = (int)STRLEN(reg_prev_sub); ! tmpsub = alloc(STRLEN(newsub) + prevlen); if (tmpsub != NULL) { // copy prefix ! len = (int)(p - newsub); // not including ~ ! mch_memmove(tmpsub, newsub, (size_t)len); // interpret tilde ! mch_memmove(tmpsub + len, reg_prev_sub, (size_t)prevlen); // copy postfix if (!magic) ++p; // back off backslash ! STRCPY(tmpsub + len + prevlen, p + 1); ! if (newsub != source) // already allocated newsub vim_free(newsub); newsub = tmpsub; ! p = newsub + len + prevlen; } } else if (magic) --- 1776,1810 ---- if (reg_prev_sub != NULL) { // length = len(newsub) - 1 + len(prev_sub) + 1 ! // Avoid making the text longer than MAXCOL, it will cause ! // trouble at some point. ! size_t prevsublen = STRLEN(reg_prev_sub); ! size_t newsublen = STRLEN(newsub); ! if (prevsublen > MAXCOL || newsublen > MAXCOL ! || newsublen + prevsublen > MAXCOL) ! { ! emsg(_(e_resulting_text_too_long)); ! break; ! } ! ! char_u *tmpsub = alloc(newsublen + prevsublen); if (tmpsub != NULL) { // copy prefix ! size_t prefixlen = p - newsub; // not including ~ ! mch_memmove(tmpsub, newsub, prefixlen); // interpret tilde ! mch_memmove(tmpsub + prefixlen, reg_prev_sub, ! prevsublen); // copy postfix if (!magic) ++p; // back off backslash ! STRCPY(tmpsub + prefixlen + prevsublen, p + 1); ! if (newsub != source) // allocated newsub before vim_free(newsub); newsub = tmpsub; ! p = newsub + prefixlen + prevsublen; } } else if (magic) *** ../vim-9.0.1531/src/testdir/test_substitute.vim 2023-01-28 19:18:56.733720607 +0000 --- src/testdir/test_substitute.vim 2023-05-09 21:14:38.977854684 +0100 *************** *** 1414,1419 **** --- 1414,1433 ---- bw! endfunc + " Check handling expanding "~" resulting in extremely long text. + func Test_substitute_tilde_too_long() + enew! + + s/.*/ixxx + s//~~~~~~~~~AAAAAAA@( + + " Either fails with "out of memory" or "text too long". + " This can take a long time. + call assert_fails('sil! norm &&&&&&&&&', ['E1240:\|E342:']) + + bwipe! + endfunc + " This should be done last to reveal a memory leak when vim_regsub_both() is " called to evaluate an expression but it is not used in a second call. func Test_z_substitute_expr_leak() *** ../vim-9.0.1531/src/version.c 2023-05-09 17:09:25.657491200 +0100 --- src/version.c 2023-05-09 19:51:14.179975122 +0100 *************** *** 697,698 **** --- 697,700 ---- { /* Add new patch number below this line */ + /**/ + 1532, /**/ -- Far back in the mists of ancient time, in the great and glorious days of the former Galactic Empire, life was wild, rich and largely tax free. Mighty starships plied their way between exotic suns, seeking adventure and reward among the furthest reaches of Galactic space. In those days, spirits were brave, the stakes were high, men were real men, women were real women and small furry creatures from Alpha Centauri were real small furry creatures from Alpha Centauri. And all dared to brave unknown terrors, to do mighty deeds, to boldly split infinitives that no man had split before -- and thus was the Empire forged. -- Douglas Adams, "The Hitchhiker's Guide to the Galaxy" /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///