- To: Mike Steed <mrsteed@usa.net>
- Cc: vim-dev@vim.org
- In-Reply-To: <19990722161430.20086.qmail@www0n.netaddress.usa.net>
- Subject: patch 5.4p.12 (was: 5.4p Win32 crash)
- Fcc: outbox
- From: Bram Moolenaar <Bram@moolenaar.net>
- ------------
-
- Mike -
-
- > Type :e zzzz... (about 256 z's), then hit 'wildchar', and Vim will crash. A
- > silly thing to do, I know, but still, Vim shouldn't crash.
-
- I have to use a longer zzzzz..., but it indeed crashes.
-
- > I think the problem is that in win32_expandpath(), memory is being written
- > beyond the end of buf[].
-
- Yes, looks like it. The code assumes that the path is valid, and thus isn't
- longer than _MAX_PATH. That isn't always true.
-
- > I took a quick look at the code but wasn't sure of the best way to fix it.
-
- dos_expandpath() allocates buf[]. That's a solution. Also makes it more
- similar to the other xxx_expandpath() functions.
-
- > And this may be something that gets put on the todo list until after 5.4 is
- > out.
-
- I could still do that. After all, it does solve a crash. But I better make
- sure that it really fixes the problem, and not cause a new one... OK, it does
- fix the problem for me. And it's a simple change, since similar code is
- already used for MS-DOS.
-
-
- Patch 5.4p.12
- Problem: Win32: Trying to expand a string that is longer than 256
- characters could cause a crash. (Steed)
- Solution: For the buffer in win32_expandpath() don't use a fixed size array,
- allocate it.
- Files: src/os_win32.c
-
-
- *** ../vim-5.4p/src/os_win32.c Mon Jul 19 11:09:14 1999
- --- src/os_win32.c Thu Jul 22 22:22:24 1999
- ***************
- *** 2603,2609 ****
- char_u *wildc,
- int flags)
- {
- ! char buf[_MAX_PATH+1];
- char *p, *s, *e;
- int start_len, c = 1;
- WIN32_FIND_DATA fb;
- --- 2603,2609 ----
- char_u *wildc,
- int flags)
- {
- ! char *buf;
- char *p, *s, *e;
- int start_len, c = 1;
- WIN32_FIND_DATA fb;
- ***************
- *** 2613,2618 ****
- --- 2613,2622 ----
- int len;
-
- start_len = gap->ga_len;
- + /* make room for file name */
- + buf = (char *)alloc(STRLEN(path) + BASENAMELEN + 5);
- + if (buf == NULL)
- + return 0;
-
- /*
- * Find the first part in the path name that contains a wildcard.
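Review bot: the size passed to the added alloc() call, STRLEN(path) + BASENAMELEN + 5, carries an unexplained constant; the comment "make room for file name" accounts for BASENAMELEN but not for the 5. Please state in the comment what the extra bytes cover (separator, terminating NUL, and so on), and confirm that any file name later appended to buf is limited to BASENAMELEN bytes, because the buffer is no longer sized from _MAX_PATH and a longer found name would reintroduce the overrun.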
- ***************
- *** 2700,2705 ****
- --- 2704,2710 ----
- c = FindNextFile(hFind, &fb);
- }
- FindClose(hFind);
- + vim_free(buf);
-
- matches = gap->ga_len - start_len;
- if (matches)
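Review bot: vim_free(buf) is added only on the path after FindClose(hFind), so any return between the new alloc() and this line would leak buf. Please check the part of the function not shown in this patch for early returns and free buf there as well, or route them through this single exit.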
-
- --
- hundred-and-one symptoms of being an internet addict:
- 224. You set up your own Web page. You set up a Web page for each
- of your kids... and your pets.
-
- --/-/---- Bram Moolenaar ---- Bram@moolenaar.net ---- Bram@vim.org ---\-\--
- \ \ www.vim.org/iccf www.moolenaar.net www.vim.org / /
-