patch 8.0.0398: illegal memory access with "t"

Problem:    Illegal memory access with "t".
Solution:   Use strncmp() instead of memcmp(). (Dominique Pelle, closes #1528)

diff --git a/src/search.c b/src/search.c
index 83c584272c44deadd072afc83c98656f9660f7b1..d23dde2c88e743e26b68c6f6028f93b7c0ed331c 100644 (file)
--- a/src/search.c
+++ b/src/search.c
@@ -1693,12 +1693,9 @@ searchc(cmdarg_T *cap, int t_cmd)
                    if (p[col] == c && stop)
                        break;
                }
-               else
-               {
-                   if (memcmp(p + col, lastc_bytes, lastc_bytelen) == 0
+               else if (STRNCMP(p + col, lastc_bytes, lastc_bytelen) == 0
                                                                       && stop)
-                       break;
-               }
+                   break;
                stop = TRUE;
            }
        }

diff --git a/src/testdir/test_search.vim b/src/testdir/test_search.vim
index 040a8098a87c78fafb132c051e038e6d3e27fafd..1a114c44c0d7df457d1f1067221c34fe5ec0c74d 100644 (file)
--- a/src/testdir/test_search.vim
+++ b/src/testdir/test_search.vim
@@ -294,3 +294,10 @@ func Test_searchpair()
   q!
 endfunc
 
+func Test_searchc()
+  " These commands used to cause memory overflow in searchc().
+  new
+  norm ixx
+  exe "norm 0t\u93cf"
+  bw!
+endfunc

diff --git a/src/version.c b/src/version.c
index 26b5455ab9dddb999d31919df4ffb11ec9ecb3ba..c1f426cb3df20989f3529cbd2f1bda9984488f2c 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -764,6 +764,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    398,
 /**/
     397,
 /**/