From beedd0a266cfe524fe2a851caec8316f2e37885c Mon Sep 17 00:00:00 2001 From: Bram Moolenaar Date: Sat, 27 Aug 2022 21:52:52 +0100 Subject: patch 9.0.0289: invalid memory write Problem: Invalid memory write. Solution: Do not put NUL in a static string. --- src/message.c | 29 ++++++++++++++++++++++++----- src/version.c | 2 ++ 2 files changed, 26 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/message.c b/src/message.c index 00ad2c7d30..108ea22f74 100644 --- a/src/message.c +++ b/src/message.c @@ -2237,20 +2237,41 @@ msg_puts_attr_len(char *str, int maxlen, int attr) static void put_msg_win(win_T *wp, int where, char_u *t_s, char_u *end, linenr_T lnum) { - int c = *end; + char_u *p; - *end = NUL; if (where == PUT_BELOW) - ml_append_buf(wp->w_buffer, lnum, t_s, (colnr_T)0, FALSE); + { + if (*end != NUL) + { + p = vim_strnsave(t_s, end - t_s); + if (p == NULL) + return; + } + else + p = t_s; + ml_append_buf(wp->w_buffer, lnum, p, (colnr_T)0, FALSE); + if (p != t_s) + vim_free(p); + } else { char_u *newp; curbuf = wp->w_buffer; if (where == PUT_APPEND) + { newp = concat_str(ml_get(lnum), t_s); + if (newp == NULL) + return; + if (*end != NUL) + newp[STRLEN(ml_get(lnum)) + (end - t_s)] = NUL; + } else + { newp = vim_strnsave(t_s, end - t_s); + if (newp == NULL) + return; + } ml_replace(lnum, newp, FALSE); curbuf = curwin->w_buffer; } @@ -2258,8 +2279,6 @@ put_msg_win(win_T *wp, int where, char_u *t_s, char_u *end, linenr_T lnum) // set msg_col so that a newline is written if needed msg_col = STRLEN(t_s); - - *end = c; } #endif diff --git a/src/version.c b/src/version.c index b517fe7476..32c132ca43 100644 --- a/src/version.c +++ b/src/version.c @@ -707,6 +707,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 289, /**/ 288, /**/ -- cgit v1.2.3