To: vim_dev@googlegroups.com Subject: Patch 8.0.0264 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.0.0264 Problem: Memory error reported by ubsan, probably for using the string returned by execute(). Solution: NUL terminate the result of execute(). Files: src/evalfunc.c *** ../vim-8.0.0263/src/evalfunc.c 2017-01-28 18:31:36.690078200 +0100 --- src/evalfunc.c 2017-01-29 20:30:39.512880047 +0100 *************** *** 2819,2825 **** --list->lv_refcount; } ! rettv->vval.v_string = redir_execute_ga.ga_data; msg_silent = save_msg_silent; emsg_silent = save_emsg_silent; emsg_noredir = save_emsg_noredir; --- 2819,2835 ---- --list->lv_refcount; } ! /* Need to append a NUL to the result. */ ! if (ga_grow(&redir_execute_ga, 1) == OK) ! { ! ((char *)redir_execute_ga.ga_data)[redir_execute_ga.ga_len] = NUL; ! rettv->vval.v_string = redir_execute_ga.ga_data; ! } ! else ! { ! ga_clear(&redir_execute_ga); ! rettv->vval.v_string = NULL; ! } msg_silent = save_msg_silent; emsg_silent = save_emsg_silent; emsg_noredir = save_emsg_noredir; *** ../vim-8.0.0263/src/version.c 2017-01-29 19:59:35.961322877 +0100 --- src/version.c 2017-01-29 20:29:47.989224106 +0100 *************** *** 766,767 **** --- 766,769 ---- { /* Add new patch number below this line */ + /**/ + 264, /**/ -- Did you ever stop to think... and forget to start again? -- Steven Wright /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///