To: vim_dev@googlegroups.com Subject: Patch 7.3.975 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 7.3.975 Problem: Crash in regexp parsing. Solution: Correctly compute the end of allocated memory. Files: src/regexp_nfa.c *** ../vim-7.3.974/src/regexp_nfa.c 2013-05-19 22:31:13.000000000 +0200 --- src/regexp_nfa.c 2013-05-20 13:43:37.000000000 +0200 *************** *** 231,244 **** /* A reasonable estimation for size */ nstate_max = (STRLEN(expr) + 1) * NFA_POSTFIX_MULTIPLIER; ! /* Size for postfix representation of expr */ postfix_size = sizeof(*post_start) * nstate_max; post_start = (int *)lalloc(postfix_size, TRUE); if (post_start == NULL) return FAIL; vim_memset(post_start, 0, postfix_size); post_ptr = post_start; ! post_end = post_start + postfix_size; nfa_has_zend = FALSE; regcomp_start(expr, re_flags); --- 231,249 ---- /* A reasonable estimation for size */ nstate_max = (STRLEN(expr) + 1) * NFA_POSTFIX_MULTIPLIER; ! /* Some items blow up in size, such as [A-z]. Add more space for that. ! * TODO: some patterns may still fail. */ ! // nstate_max += 1000; ! ! /* Size for postfix representation of expr. */ postfix_size = sizeof(*post_start) * nstate_max; + post_start = (int *)lalloc(postfix_size, TRUE); if (post_start == NULL) return FAIL; vim_memset(post_start, 0, postfix_size); post_ptr = post_start; ! post_end = post_start + nstate_max; nfa_has_zend = FALSE; regcomp_start(expr, re_flags); *** ../vim-7.3.974/src/version.c 2013-05-20 12:52:23.000000000 +0200 --- src/version.c 2013-05-20 13:42:10.000000000 +0200 *************** *** 730,731 **** --- 730,733 ---- { /* Add new patch number below this line */ + /**/ + 975, /**/ -- My Go, this amn keyboar oesn't have a . /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///