To: vim_dev@googlegroups.com Subject: Patch 8.1.0968 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.1.0968 Problem: Crash when using search pattern \%Ufffffc23. Solution: Limit character to INT_MAX. (closes #4009) Files: src/regexp_nfa.c, src/testdir/test_search.vim *** ../vim-8.1.0967/src/regexp_nfa.c 2019-02-20 22:04:28.819721333 +0100 --- src/regexp_nfa.c 2019-02-21 22:26:06.112676413 +0100 *************** *** 1475,1481 **** default: nr = -1; break; } ! if (nr < 0) EMSG2_RET_FAIL( _("E678: Invalid character after %s%%[dxouU]"), reg_magic == MAGIC_ALL); --- 1475,1481 ---- default: nr = -1; break; } ! if (nr < 0 || nr > INT_MAX) EMSG2_RET_FAIL( _("E678: Invalid character after %s%%[dxouU]"), reg_magic == MAGIC_ALL); *** ../vim-8.1.0967/src/testdir/test_search.vim 2019-02-21 17:48:55.485002030 +0100 --- src/testdir/test_search.vim 2019-02-21 22:24:23.981817630 +0100 *************** *** 1211,1213 **** --- 1211,1222 ---- call assert_equal(bufcontent[1], @/) call Incsearch_cleanup() endfunc + + func Test_large_hex_chars() + " This used to cause a crash, the character becomes an NFA state. + try + /\%Ufffffc23 + catch + call assert_match('E678:', v:exception) + endtry + endfunc *** ../vim-8.1.0967/src/version.c 2019-02-21 21:50:42.603751312 +0100 --- src/version.c 2019-02-21 22:25:56.016785474 +0100 *************** *** 781,782 **** --- 781,784 ---- { /* Add new patch number below this line */ + /**/ + 968, /**/ -- "How is your new girlfriend?" "90-60-90 man!" "What, pale purple?" /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///