mirror of https://github.com/vim/vim.git synced 2025-09-27 04:14:06 -04:00

updated for version 7.3.1280

Problem:    Reading memory already freed since patch 7.3.1247. (Simon
            Ruderich, Dominique Pelle)
Solution:   Copy submatches before reallocating the state list.
Bram Moolenaar
2013-06-30 23:24:08 +02:00
parent 673b9a3cae
commit d05bf560ac
2 changed files with 37 additions and 15 deletions


@@ -3538,7 +3538,7 @@ static int sub_equal __ARGS((regsub_T *sub1, regsub_T *sub2));
static int match_backref __ARGS((regsub_T *sub, int subidx, int *bytelen)); static int match_backref __ARGS((regsub_T *sub, int subidx, int *bytelen));
static int has_state_with_pos __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs)); static int has_state_with_pos __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs));
static int state_in_list __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs)); static int state_in_list __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs));
static void addstate __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs, nfa_pim_T *pim, int off)); static regsubs_T *addstate __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs_arg, nfa_pim_T *pim, int off));
static void addstate_here __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs, nfa_pim_T *pim, int *ip)); static void addstate_here __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs, nfa_pim_T *pim, int *ip));
/* /*
@@ -3832,13 +3832,18 @@ state_in_list(l, state, subs)
return FALSE; return FALSE;
} }
static void /*
addstate(l, state, subs, pim, off) * Add "state" and possibly what follows to state list ".".
nfa_list_T *l; /* runtime state list */ * Returns "subs_arg", possibly copied into temp_subs.
nfa_state_T *state; /* state to update */ */
regsubs_T *subs; /* pointers to subexpressions */
nfa_pim_T *pim; /* postponed look-behind match */ static regsubs_T *
int off; /* byte offset, when -1 go to next line */ addstate(l, state, subs_arg, pim, off)
nfa_list_T *l; /* runtime state list */
nfa_state_T *state; /* state to update */
regsubs_T *subs_arg; /* pointers to subexpressions */
nfa_pim_T *pim; /* postponed look-behind match */
int off; /* byte offset, when -1 go to next line */
{ {
int subidx; int subidx;
nfa_thread_T *thread; nfa_thread_T *thread;
@@ -3847,6 +3852,8 @@ addstate(l, state, subs, pim, off)
char_u *save_ptr; char_u *save_ptr;
int i; int i;
regsub_T *sub; regsub_T *sub;
regsubs_T *subs = subs_arg;
static regsubs_T temp_subs;
#ifdef ENABLE_LOG #ifdef ENABLE_LOG
int did_print = FALSE; int did_print = FALSE;
#endif #endif
@@ -3941,7 +3948,7 @@ skip_add:
fprintf(log_fd, "> Not adding state %d to list %d. char %d: %s\n", fprintf(log_fd, "> Not adding state %d to list %d. char %d: %s\n",
abs(state->id), l->id, state->c, code); abs(state->id), l->id, state->c, code);
#endif #endif
return; return subs;
} }
/* Do not add the state again when it exists with the same /* Do not add the state again when it exists with the same
@@ -3956,6 +3963,18 @@ skip_add:
{ {
int newlen = l->len * 3 / 2 + 50; int newlen = l->len * 3 / 2 + 50;
if (subs != &temp_subs)
{
/* "subs" may point into the current array, need to make a
* copy before it becomes invalid. */
copy_sub(&temp_subs.norm, &subs->norm);
#ifdef FEAT_SYN_HL
if (nfa_has_zsubexpr)
copy_sub(&temp_subs.synt, &subs->synt);
#endif
subs = &temp_subs;
}
l->t = vim_realloc(l->t, newlen * sizeof(nfa_thread_T)); l->t = vim_realloc(l->t, newlen * sizeof(nfa_thread_T));
l->len = newlen; l->len = newlen;
} }
@@ -3991,14 +4010,14 @@ skip_add:
case NFA_SPLIT: case NFA_SPLIT:
/* order matters here */ /* order matters here */
addstate(l, state->out, subs, pim, off); subs = addstate(l, state->out, subs, pim, off);
addstate(l, state->out1, subs, pim, off); subs = addstate(l, state->out1, subs, pim, off);
break; break;
case NFA_SKIP_CHAR: case NFA_SKIP_CHAR:
case NFA_NOPEN: case NFA_NOPEN:
case NFA_NCLOSE: case NFA_NCLOSE:
addstate(l, state->out, subs, pim, off); subs = addstate(l, state->out, subs, pim, off);
break; break;
case NFA_MOPEN: case NFA_MOPEN:
@@ -4094,7 +4113,7 @@ skip_add:
sub->list.line[subidx].start = reginput + off; sub->list.line[subidx].start = reginput + off;
} }
addstate(l, state->out, subs, pim, off); subs = addstate(l, state->out, subs, pim, off);
if (save_in_use == -1) if (save_in_use == -1)
{ {
@@ -4112,7 +4131,7 @@ skip_add:
{ {
/* Do not overwrite the position set by \ze. If no \ze /* Do not overwrite the position set by \ze. If no \ze
* encountered end will be set in nfa_regtry(). */ * encountered end will be set in nfa_regtry(). */
addstate(l, state->out, subs, pim, off); subs = addstate(l, state->out, subs, pim, off);
break; break;
} }
case NFA_MCLOSE1: case NFA_MCLOSE1:
@@ -4181,7 +4200,7 @@ skip_add:
sub->list.line[subidx].end = reginput + off; sub->list.line[subidx].end = reginput + off;
} }
addstate(l, state->out, subs, pim, off); subs = addstate(l, state->out, subs, pim, off);
if (REG_MULTI) if (REG_MULTI)
sub->list.multi[subidx].end = save_lpos; sub->list.multi[subidx].end = save_lpos;
@@ -4190,6 +4209,7 @@ skip_add:
sub->in_use = save_in_use; sub->in_use = save_in_use;
break; break;
} }
return subs;
} }
/* /*
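Review bot: In the hunks after `case NFA_MOPEN:` and `case NFA_MCLOSE1:`, the restore code that follows `subs = addstate(l, state->out, subs, pim, off);` still writes through `sub` (`sub->list.multi[subidx].end = save_lpos;`, `sub->in_use = save_in_use;`), which was presumably derived from the old `subs` before the call; that assignment lies outside the visible hunks. If the recursive call reallocated `l->t` and returned `&temp_subs`, `sub` would still point into the freed array, so the restore would write to freed memory and `temp_subs` would keep the modified positions. Re-deriving the pointer directly after each such call, e.g. `sub = &subs->norm;` (or `&subs->synt` where the synt set is the one being changed), would close that gap. Separately, the context line `l->t = vim_realloc(l->t, newlen * sizeof(nfa_thread_T));` overwrites `l->t` without a NULL check, so a failed allocation loses the old list while `l->len` is still raised to `newlen`.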


@@ -728,6 +728,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1280,
/**/ /**/
1279, 1279,
/**/ /**/