From f50940531dd57135fe60aa393ac9d3281f352d88 Mon Sep 17 00:00:00 2001 From: Bram Moolenaar Date: Fri, 29 Jul 2022 16:22:25 +0100 Subject: [PATCH] patch 9.0.0105: illegal memory access when pattern starts with illegal byte Problem: Illegal memory access when pattern starts with illegal byte. Solution: Do not match a character with an illegal byte. --- src/regexp.c | 6 +++++- src/testdir/test_regexp_utf8.vim | 15 +++++++++++++++ src/version.c | 2 ++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/regexp.c b/src/regexp.c index 1a5cfd07cbd73..bec046437f0ee 100644 --- a/src/regexp.c +++ b/src/regexp.c @@ -1641,7 +1641,11 @@ cstrchr(char_u *s, int c) { if (enc_utf8 && c > 0x80) { - if (utf_fold(utf_ptr2char(p)) == cc) + int uc = utf_ptr2char(p); + + // Do not match an illegal byte. E.g. 0xff matches 0xc3 0xbf, + // not 0xff. + if ((uc < 0x80 || uc != *p) && utf_fold(uc) == cc) return p; } else if (*p == c || *p == cc) diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim index d88e26321d3cd..e7672ddd86d4e 100644 --- a/src/testdir/test_regexp_utf8.vim +++ b/src/testdir/test_regexp_utf8.vim @@ -1,5 +1,7 @@ " Tests for regexp in utf8 encoding +source shared.vim + func s:equivalence_test() let str = "AÀÁÂÃÄÅĀĂĄǍǞǠǺȂȦȺḀẠẢẤẦẨẪẬẮẰẲẴẶ BƁɃḂḄḆ CÇĆĈĊČƇȻḈꞒ DĎĐƊḊḌḎḐḒ EÈÉÊËĒĔĖĘĚȄȆȨɆḔḖḘḚḜẸẺẼẾỀỂỄỆ FƑḞꞘ GĜĞĠĢƓǤǦǴḠꞠ HĤĦȞḢḤḦḨḪⱧ IÌÍÎÏĨĪĬĮİƗǏȈȊḬḮỈỊ JĴɈ KĶƘǨḰḲḴⱩꝀ LĹĻĽĿŁȽḶḸḺḼⱠ MḾṀṂ NÑŃŅŇǸṄṆṈṊꞤ OÒÓÔÕÖØŌŎŐƟƠǑǪǬǾȌȎȪȬȮȰṌṎṐṒỌỎỐỒỔỖỘỚỜỞỠỢ PƤṔṖⱣ QɊ RŔŖŘȐȒɌṘṚṜṞⱤꞦ SŚŜŞŠȘṠṢṤṦṨⱾꞨ TŢŤŦƬƮȚȾṪṬṮṰ UÙÚÛÜŨŪŬŮŰƯǕǙǛǓǗȔȖɄṲṴṶṸṺỤỦỨỪỬỮỰ VƲṼṾ WŴẀẂẄẆẈ XẊẌ YÝŶŸƳȲɎẎỲỴỶỸ ZŹŻŽƵẐẒẔⱫ aàáâãäåāăąǎǟǡǻȃȧᶏḁẚạảấầẩẫậắằẳẵặⱥ bƀɓᵬᶀḃḅḇ cçćĉċčƈȼḉꞓꞔ dďđɗᵭᶁᶑḋḍḏḑḓ eèéêëēĕėęěȅȇȩɇᶒḕḗḙḛḝẹẻẽếềểễệ fƒᵮᶂḟꞙ gĝğġģǥǧǵɠᶃḡꞡ hĥħȟḣḥḧḩḫẖⱨꞕ iìíîïĩīĭįǐȉȋɨᶖḭḯỉị jĵǰɉ kķƙǩᶄḱḳḵⱪꝁ lĺļľŀłƚḷḹḻḽⱡ mᵯḿṁṃ nñńņňʼnǹᵰᶇṅṇṉṋꞥ oòóôõöøōŏőơǒǫǭǿȍȏȫȭȯȱɵṍṏṑṓọỏốồổỗộớờởỡợ pƥᵱᵽᶈṕṗ qɋʠ rŕŗřȑȓɍɽᵲᵳᶉṛṝṟꞧ sśŝşšșȿᵴᶊṡṣṥṧṩꞩ tţťŧƫƭțʈᵵṫṭṯṱẗⱦ uùúûüũūŭůűųǚǖưǔǘǜȕȗʉᵾᶙṳṵṷṹṻụủứừửữự vʋᶌṽṿ wŵẁẃẅẇẉẘ xẋẍ yýÿŷƴȳɏẏẙỳỵỷỹ zźżžƶᵶᶎẑẓẕⱬ" let groups = split(str) @@ -560,6 +562,19 @@ func Test_match_invalid_byte() call delete('Xinvalid') endfunc +func Test_match_illegal_byte() + let lines =<< trim END + silent! buffer ÿ\c + next ÿ + 0scriptnames + source + END + call writefile(lines, 'Xregexp') + call system(GetVimCommand() .. ' -X -Z -e -s -S Xregexp -c qa!') + + call delete('Xregexp') +endfunc + func Test_match_too_complicated() set regexpengine=1 exe "noswapfile vsplit \xeb\xdb\x99" diff --git a/src/version.c b/src/version.c index 8c55a62e9d2cc..6593e5957ec36 100644 --- a/src/version.c +++ b/src/version.c @@ -735,6 +735,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 105, /**/ 104, /**/