To: vim_dev@googlegroups.com Subject: Patch 8.2.1560 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.1560 Problem: Using NULL pointers in some code. (James McCoy) Solution: Avoid adding to a NULL pointer. Use byte as unsigned. Files: src/fold.c, src/eval.c, src/spellsuggest.c, src/spellfile.c, src/vim9compile.c *** ../vim-8.2.1559/src/fold.c 2020-08-31 21:22:34.044175561 +0200 --- src/fold.c 2020-09-01 19:27:10.650832221 +0200 *************** *** 1314,1320 **** if (!foldFind(gap, lnum, &fp)) { // If there is a following fold, continue there next time. ! if (fp < (fold_T *)gap->ga_data + gap->ga_len) next = fp->fd_top + off; break; } --- 1314,1320 ---- if (!foldFind(gap, lnum, &fp)) { // If there is a following fold, continue there next time. ! if (fp != NULL && fp < (fold_T *)gap->ga_data + gap->ga_len) next = fp->fd_top + off; break; } *************** *** 2905,2922 **** // any between top and bot, they have been removed by the caller. gap1 = &fp->fd_nested; gap2 = &fp[1].fd_nested; ! (void)(foldFind(gap1, bot + 1 - fp->fd_top, &fp2)); ! len = (int)((fold_T *)gap1->ga_data + gap1->ga_len - fp2); ! if (len > 0 && ga_grow(gap2, len) == OK) ! { ! for (idx = 0; idx < len; ++idx) ! { ! ((fold_T *)gap2->ga_data)[idx] = fp2[idx]; ! ((fold_T *)gap2->ga_data)[idx].fd_top ! -= fp[1].fd_top - fp->fd_top; } - gap2->ga_len = len; - gap1->ga_len -= len; } fp->fd_len = top - fp->fd_top; fold_changed = TRUE; --- 2905,2924 ---- // any between top and bot, they have been removed by the caller. gap1 = &fp->fd_nested; gap2 = &fp[1].fd_nested; ! if (foldFind(gap1, bot + 1 - fp->fd_top, &fp2)) ! { ! len = (int)((fold_T *)gap1->ga_data + gap1->ga_len - fp2); ! if (len > 0 && ga_grow(gap2, len) == OK) ! { ! for (idx = 0; idx < len; ++idx) ! { ! ((fold_T *)gap2->ga_data)[idx] = fp2[idx]; ! ((fold_T *)gap2->ga_data)[idx].fd_top ! -= fp[1].fd_top - fp->fd_top; ! } ! gap2->ga_len = len; ! 
gap1->ga_len -= len; } } fp->fd_len = top - fp->fd_top; fold_changed = TRUE; *** ../vim-8.2.1559/src/eval.c 2020-08-30 23:24:17.223401357 +0200 --- src/eval.c 2020-09-01 19:29:29.570332869 +0200 *************** *** 395,401 **** typval_T rettv; int res; int vim9script = in_vim9script(); ! garray_T *gap = &evalarg->eval_ga; int save_flags = evalarg == NULL ? 0 : evalarg->eval_flags; int evaluate = evalarg == NULL ? FALSE : (evalarg->eval_flags & EVAL_EVALUATE); --- 395,401 ---- typval_T rettv; int res; int vim9script = in_vim9script(); ! garray_T *gap = evalarg == NULL ? NULL : &evalarg->eval_ga; int save_flags = evalarg == NULL ? 0 : evalarg->eval_flags; int evaluate = evalarg == NULL ? FALSE : (evalarg->eval_flags & EVAL_EVALUATE); *** ../vim-8.2.1559/src/spellsuggest.c 2020-07-01 13:15:21.414343245 +0200 --- src/spellsuggest.c 2020-09-01 19:31:06.789983816 +0200 *************** *** 3606,3611 **** --- 3606,3613 ---- int len; hlf_T attr; + if (gap->ga_len == 0) + return; stp = &SUG(*gap, 0); for (i = gap->ga_len - 1; i >= 0; --i) { *** ../vim-8.2.1559/src/spellfile.c 2020-08-24 20:05:46.837560546 +0200 --- src/spellfile.c 2020-09-01 19:33:14.685524984 +0200 *************** *** 816,822 **** // read the length bytes, MSB first for (i = 0; i < cnt_bytes; ++i) ! cnt = (cnt << 8) + getc(fd); if (cnt < 0) { *cntp = SP_TRUNCERROR; --- 816,822 ---- // read the length bytes, MSB first for (i = 0; i < cnt_bytes; ++i) ! cnt = (cnt << 8) + (unsigned)getc(fd); if (cnt < 0) { *cntp = SP_TRUNCERROR; *** ../vim-8.2.1559/src/vim9compile.c 2020-08-30 23:24:17.219401371 +0200 --- src/vim9compile.c 2020-09-01 19:37:05.852696726 +0200 *************** *** 1147,1153 **** isn->isn_arg.number = count; // get the member type from all the items on the stack. ! 
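Review bot: Gating the move on the return value, `if (foldFind(gap1, bot + 1 - fp->fd_top, &fp2))`, also skips the case where no nested fold contains that line but fp2 points at a later fold. The first fold.c hunk suggests a FALSE return can still leave the pointer on a following fold ("If there is a following fold, continue there next time"), and the removed code moved such folds into gap2. With the new condition they would apparently stay in gap1 while `fp->fd_len` is shortened. If the goal is only to avoid arithmetic on a NULL fp2, testing the pointer keeps the old behaviour: `(void)foldFind(gap1, bot + 1 - fp->fd_top, &fp2);` followed by `if (fp2 != NULL)`. The enclosing function starts and ends outside the hunk, so this is inferred from the visible lines only.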
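Review bot: `gap` can now be NULL, and nothing at the declaration says so. Every later use in this function has to sit under an `evalarg != NULL` test, otherwise the change only moves the problem from computing a member address off NULL to dereferencing a NULL `gap`. The rest of the function is outside the hunk, so those uses cannot be checked from here. A comment on the declaration would make the contract explicit: `// NULL when evalarg is NULL; only use under an evalarg != NULL check`.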
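Review bot: The new early return before `stp = &SUG(*gap, 0);` carries no comment, so the reason for it is easy to lose in a later cleanup. Presumably an empty array can have a NULL `ga_data`, which would make taking the address of element 0 arithmetic on a NULL pointer. I would record that next to the guard: `// An empty array may have a NULL ga_data; do not index into it.` Since the loop below already tolerates a negative start index (`i >= 0`), `if (gap->ga_len <= 0)` would be the more defensive form of the test.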
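Review bot: End of file is still detected only indirectly in this loop. `(unsigned)getc(fd)` turns EOF into a large unsigned value, and the `cnt < 0` test after the loop catches it only when the sum converts back to a negative number. If an earlier length byte was non-zero, a truncated file can yield a positive but wrong `cnt`: with EOF as -1 and a 32-bit unsigned, `(1 << 8) + (unsigned)EOF` wraps to 255. That value would then presumably be used as the string length. Reading into a temporary is sturdier: `int c = getc(fd);`, then `if (c == EOF)` taking the same SP_TRUNCERROR path as the existing check, then `cnt = (cnt << 8) + (unsigned)c;`. The declaration of `cnt` and the rest of the function are outside the hunk.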
member = get_member_type_from_stack( ((type_T **)stack->ga_data) + stack->ga_len, count, 1, cctx->ctx_type_list); type = get_list_type(member, cctx->ctx_type_list); --- 1147,1156 ---- isn->isn_arg.number = count; // get the member type from all the items on the stack. ! if (count == 0) ! member = &t_void; ! else ! member = get_member_type_from_stack( ((type_T **)stack->ga_data) + stack->ga_len, count, 1, cctx->ctx_type_list); type = get_list_type(member, cctx->ctx_type_list); *************** *** 1180,1186 **** return FAIL; isn->isn_arg.number = count; ! member = get_member_type_from_stack( ((type_T **)stack->ga_data) + stack->ga_len, count, 2, cctx->ctx_type_list); type = get_dict_type(member, cctx->ctx_type_list); --- 1183,1192 ---- return FAIL; isn->isn_arg.number = count; ! if (count == 0) ! member = &t_void; ! else ! member = get_member_type_from_stack( ((type_T **)stack->ga_data) + stack->ga_len, count, 2, cctx->ctx_type_list); type = get_dict_type(member, cctx->ctx_type_list); *** ../vim-8.2.1559/src/version.c 2020-09-01 17:50:48.316192921 +0200 --- src/version.c 2020-09-01 19:22:56.155749967 +0200 *************** *** 756,757 **** --- 756,759 ---- { /* Add new patch number below this line */ + /**/ + 1560, /**/ -- LAUNCELOT leaps into SHOT with a mighty cry and runs the GUARD through and hacks him to the floor. Blood. Swashbuckling music (perhaps). LAUNCELOT races through into the castle screaming. SECOND SENTRY: Hey! "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
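Review bot: The `count == 0` special case is added without a comment here and again in the second vim9compile.c hunk, so neither call site records why get_member_type_from_stack() is bypassed. Presumably `stack->ga_data` can be NULL when nothing has been pushed, which makes `((type_T **)stack->ga_data) + stack->ga_len` arithmetic on a NULL pointer. Because that expression is evaluated at the call site, folding the check into the callee later would bring the problem back. A one-line comment at both places would guard against that: `// Empty list/dict: ga_data may be NULL, avoid pointer arithmetic on it.` Both enclosing functions extend beyond the hunks.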