patch 8.0.0398: illegal memory access with "t"v8.0.0398

Problem: Illegal memory access with "t". Solution: Use strncmp() instead of memcmp(). (Dominique Pelle, closes #1528)
author: Bram Moolenaar <Bram@vim.org> 2017-03-01 22:17:05 +0100
committer: Bram Moolenaar <Bram@vim.org> 2017-03-01 22:17:05 +0100
commit: 66727e16079fbac6db3897b5c3736ec9fba995bb (patch)
tree: 7cc5cab485cb636ccf3b2aaf546b049492c5c375
parent: 5a66dfb25eb478c26176d993393a3b1b124edb39 (diff)
3 files changed, 11 insertions, 5 deletions
diff --git a/src/search.c b/src/search.c
index 83c584272c..d23dde2c88 100644
--- a/src/search.c
+++ b/src/search.c
@@ -1693,12 +1693,9 @@ searchc(cmdarg_T *cap, int t_cmd)
 		    if (p[col] == c && stop)
 			break;
 		}
-		else
-		{
-		    if (memcmp(p + col, lastc_bytes, lastc_bytelen) == 0
+		else if (STRNCMP(p + col, lastc_bytes, lastc_bytelen) == 0
 								       && stop)
-			break;
-		}
+		    break;
 		stop = TRUE;
 	    }
 	}
diff --git a/src/testdir/test_search.vim b/src/testdir/test_search.vim
index 040a8098a8..1a114c44c0 100644
--- a/src/testdir/test_search.vim
+++ b/src/testdir/test_search.vim
@@ -294,3 +294,10 @@ func Test_searchpair()
   q!
 endfunc
 
+func Test_searchc()
+  " These commands used to cause memory overflow in searchc().
+  new
+  norm ixx
+  exe "norm 0t\u93cf"
+  bw!
+endfunc
diff --git a/src/version.c b/src/version.c
index 26b5455ab9..c1f426cb3d 100644
--- a/src/version.c
+++ b/src/version.c
@@ -765,6 +765,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    398,
+/**/
     397,
 /**/
     396,
author	Bram Moolenaar <Bram@vim.org>	2017-03-01 22:17:05 +0100
committer	Bram Moolenaar <Bram@vim.org>	2017-03-01 22:17:05 +0100
commit	66727e16079fbac6db3897b5c3736ec9fba995bb (patch)
tree	7cc5cab485cb636ccf3b2aaf546b049492c5c375
parent	5a66dfb25eb478c26176d993393a3b1b124edb39 (diff)