To: vim_dev@googlegroups.com Subject: Patch 7.4.2 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 7.4.256 (after 7.4.248) Problem: Using systemlist() may cause a crash and does not handle NUL characters properly. Solution: Increase the reference count, allocate memory by length. (Yasuhiro Matsumoto) Files: src/eval.c *** ../vim-7.4.255/src/eval.c 2014-04-05 21:28:50.667174384 +0200 --- src/eval.c 2014-04-11 10:10:22.112217827 +0200 *************** *** 18334,18349 **** for (i = 0; i < len; ++i) { start = res + i; ! for (end = start; i < len && *end != NL; ++end) ++i; ! s = vim_strnsave(start, (int)(end - start)); if (s == NULL) goto errret; ! for (p = s, end = s + (end - start); p < end; ++p) ! if (*p == NUL) ! *p = NL; li = listitem_alloc(); if (li == NULL) --- 18334,18350 ---- for (i = 0; i < len; ++i) { start = res + i; ! while (i < len && res[i] != NL) ++i; + end = res + i; ! s = alloc((unsigned)(end - start + 1)); if (s == NULL) goto errret; ! for (p = s; start < end; ++p, ++start) ! *p = *start == NUL ? NL : *start; ! *p = NUL; li = listitem_alloc(); if (li == NULL) *************** *** 18356,18361 **** --- 18357,18363 ---- list_append(list, li); } + ++list->lv_refcount; rettv->v_type = VAR_LIST; rettv->vval.v_list = list; list = NULL; *** ../vim-7.4.255/src/version.c 2014-04-10 20:00:03.720106386 +0200 --- src/version.c 2014-04-11 09:44:05.208214383 +0200 *************** *** 736,737 **** --- 736,739 ---- { /* Add new patch number below this line */ + /**/ + 256, /**/ -- hundred-and-one symptoms of being an internet addict: 46. Your wife makes a new rule: "The computer cannot come to bed." /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///