patch 8.0.0883: invalid memory access with nonsensical script

Problem:    Invalid memory access with nonsensical script.
Solution:   Check "dstlen" being positive. (Dominique Pelle)

diff --git a/src/misc1.c b/src/misc1.c
index 4e51bed25ef9e87851c9ea1a2a34d5418cbb99d5..5f8b092c0947b6c88b3d73d0381a1e3a36f12ccc 100644 (file)
--- a/src/misc1.c
+++ b/src/misc1.c
@@ -4180,13 +4180,18 @@ expand_env_esc(
            }
            else if ((src[0] == ' ' || src[0] == ',') && !one)
                at_start = TRUE;
-           *dst++ = *src++;
-           --dstlen;
+           if (dstlen > 0)
+           {
+               *dst++ = *src++;
+               --dstlen;
 
-           if (startstr != NULL && src - startstr_len >= srcp
-                   && STRNCMP(src - startstr_len, startstr, startstr_len) == 0)
-               at_start = TRUE;
+               if (startstr != NULL && src - startstr_len >= srcp
+                       && STRNCMP(src - startstr_len, startstr,
+                                                           startstr_len) == 0)
+                   at_start = TRUE;
+           }
        }
+
     }
     *dst = NUL;
 }

diff --git a/src/version.c b/src/version.c
index 8c2b03296051938b45ba10b92f9589c0ab5dbc31..e6bcfb5dd271ada040970af881e66f863455c384 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -769,6 +769,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    883,
 /**/
     882,
 /**/