neovim

Neovim text editor
git clone https://git.dasho.dev/neovim.git
Log | Files | Refs | README
commit c6ebcd523dc91c8b1d52a8c9a61aca3d3a59250b
parent 29efd54e0284727a7dde5608e5eedaef9c00c65f
Author: zeertzjq <zeertzjq@outlook.com>
Date:   Sat, 15 Apr 2023 18:22:44 +0800

vim-patch:9.0.0104: going beyond allocated memory when evaluating string constant

Problem:    Going beyond allocated memory when evaluating string constant.
Solution:   Properly skip over <Key> form.

https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d

Co-authored-by: Bram Moolenaar <Bram@vim.org>

Diffstat:

Msrc/nvim/eval.c | 17++++++++++++++++-


Mtest/old/testdir/test_eval_stuff.vim | 5+++++


2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/nvim/eval.c b/src/nvim/eval.c
@@ -3877,6 +3877,7 @@ static int eval_number(char **arg, typval_T *rettv, bool evaluate, bool want_str
 static int eval_string(char **arg, typval_T *rettv, bool evaluate, bool interpolate)
 {
   char *p;
+  const char *const arg_end = *arg + strlen(*arg);
   unsigned int extra = interpolate ? 1 : 0;
   const int off = interpolate ? 0 : 1;
 
@@ -3888,7 +3889,20 @@ static int eval_string(char **arg, typval_T *rettv, bool evaluate, bool interpol
       // to 9 characters (6 for the char and 3 for a modifier):
       // reserve space for 5 extra.
       if (*p == '<') {
+        int modifiers = 0;
+        int flags = FSK_KEYCODE | FSK_IN_STRING;
+
         extra += 5;
+
+        // Skip to the '>' to avoid using '{' inside for string
+        // interpolation.
+        if (p[1] != '*') {
+          flags |= FSK_SIMPLIFY;
+        }
+        if (find_special_key((const char **)&p, (size_t)(arg_end - p),
+                             &modifiers, flags, NULL) != 0) {
+          p--;  // leave "p" on the ">"
+        }
       }
     } else if (interpolate && (*p == '{' || *p == '}')) {
       if (*p == '{' && p[1] != '{') {  // start of expression
@@ -3994,7 +4008,8 @@ static int eval_string(char **arg, typval_T *rettv, bool evaluate, bool interpol
         if (p[1] != '*') {
           flags |= FSK_SIMPLIFY;
         }
-        extra = trans_special((const char **)&p, strlen(p), end, flags, false, NULL);
+        extra = trans_special((const char **)&p, (size_t)(arg_end - p),
+                              end, flags, false, NULL);
         if (extra != 0) {
           end += extra;
           if (end >= rettv->vval.v_string + len) {
diff --git a/test/old/testdir/test_eval_stuff.vim b/test/old/testdir/test_eval_stuff.vim
@@ -407,4 +407,9 @@ func Test_modified_char_no_escape_special()
   nunmap <M-…>
 endfunc
 
+func Test_eval_string_in_special_key()
+  " this was using the '{' inside <> as the start of an interpolated string
+  silent! echo 0{1-$"\<S--{>n|nö%
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab