commit 17f95fe79bc32d3e6c008716e2bc623cbecf7a0d
parent 63cd2adf3d27436dbaf6a8eda72608d3009ccd3c
Author: zeertzjq <zeertzjq@outlook.com>
Date: Wed, 31 Jul 2024 06:37:58 +0800
vim-patch:9.0.0105: illegal memory access when pattern starts with illegal byte
Problem: Illegal memory access when pattern starts with illegal byte.
Solution: Do not match a character with an illegal byte.
https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Diffstat:
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/nvim/regexp.c b/src/nvim/regexp.c
@@ -1804,7 +1804,9 @@ static inline char *cstrchr(const char *const s, const int c)
if (c > 0x80) {
const int folded_c = utf_fold(c);
for (const char *p = s; *p != NUL; p += utfc_ptr2len(p)) {
- if (utf_fold(utf_ptr2char(p)) == folded_c) {
+ const int uc = utf_ptr2char(p);
+ // Do not match an illegal byte. E.g. 0xff matches 0xc3 0xbf, not 0xff.
+ if ((uc < 0x80 || uc != (uint8_t)(*p)) && utf_fold(uc) == folded_c) {
return (char *)p;
}
}
diff --git a/test/old/testdir/test_regexp_utf8.vim b/test/old/testdir/test_regexp_utf8.vim
@@ -1,5 +1,7 @@
" Tests for regexp in utf8 encoding
+source shared.vim
+
func s:equivalence_test()
let str = "AÀÁÂÃÄÅĀĂĄǍǞǠǺȂȦȺḀẠẢẤẦẨẪẬẮẰẲẴẶ BƁɃḂḄḆ CÇĆĈĊČƇȻḈꞒ DĎĐƊḊḌḎḐḒ EÈÉÊËĒĔĖĘĚȄȆȨɆḔḖḘḚḜẸẺẼẾỀỂỄỆ FƑḞꞘ GĜĞĠĢƓǤǦǴḠꞠ HĤĦȞḢḤḦḨḪⱧ IÌÍÎÏĨĪĬĮİƗǏȈȊḬḮỈỊ JĴɈ KĶƘǨḰḲḴⱩꝀ LĹĻĽĿŁȽḶḸḺḼⱠ MḾṀṂ NÑŃŅŇǸṄṆṈṊꞤ OÒÓÔÕÖØŌŎŐƟƠǑǪǬǾȌȎȪȬȮȰṌṎṐṒỌỎỐỒỔỖỘỚỜỞỠỢ PƤṔṖⱣ QɊ RŔŖŘȐȒɌṘṚṜṞⱤꞦ SŚŜŞŠȘṠṢṤṦṨⱾꞨ TŢŤŦƬƮȚȾṪṬṮṰ UÙÚÛÜŨŪŬŮŰƯǕǙǛǓǗȔȖɄṲṴṶṸṺỤỦỨỪỬỮỰ VƲṼṾ WŴẀẂẄẆẈ XẊẌ YÝŶŸƳȲɎẎỲỴỶỸ ZŹŻŽƵẐẒẔⱫ aàáâãäåāăąǎǟǡǻȃȧᶏḁẚạảấầẩẫậắằẳẵặⱥ bƀɓᵬᶀḃḅḇ cçćĉċčƈȼḉꞓꞔ dďđɗᵭᶁᶑḋḍḏḑḓ eèéêëēĕėęěȅȇȩɇᶒḕḗḙḛḝẹẻẽếềểễệ fƒᵮᶂḟꞙ gĝğġģǥǧǵɠᶃḡꞡ hĥħȟḣḥḧḩḫẖⱨꞕ iìíîïĩīĭįǐȉȋɨᶖḭḯỉị jĵǰɉ kķƙǩᶄḱḳḵⱪꝁ lĺļľŀłƚḷḹḻḽⱡ mᵯḿṁṃ nñńņňʼnǹᵰᶇṅṇṉṋꞥ oòóôõöøōŏőơǒǫǭǿȍȏȫȭȯȱɵṍṏṑṓọỏốồổỗộớờởỡợ pƥᵱᵽᶈṕṗ qɋʠ rŕŗřȑȓɍɽᵲᵳᶉṛṝṟꞧ sśŝşšșȿᵴᶊṡṣṥṧṩꞩ tţťŧƫƭțʈᵵṫṭṯṱẗⱦ uùúûüũūŭůűųǚǖưǔǘǜȕȗʉᵾᶙṳṵṷṹṻụủứừửữự vʋᶌṽṿ wŵẁẃẅẇẉẘ xẋẍ yýÿŷƴȳɏẏẙỳỵỷỹ zźżžƶᵶᶎẑẓẕⱬ"
let groups = split(str)
@@ -559,6 +561,19 @@ func Test_match_invalid_byte()
call delete('Xinvalid')
endfunc
+func Test_match_illegal_byte()
+ let lines =<< trim END
+ silent! buffer ÿ\c
+ next ÿ
+ 0scriptnames
+ source
+ END
+ call writefile(lines, 'Xregexp')
+ call system(GetVimCommand() .. ' -X -Z -e -s -S Xregexp -c qa!')
+
+ call delete('Xregexp')
+endfunc
+
func Test_match_too_complicated()
set regexpengine=1
exe "noswapfile vsplit \xeb\xdb\x99"
