[vim/f18] - patchlevel 664

[Karsten Hopp]

commit 3392e4c142565babe8743748c96fbaf36849ec67
Author: Karsten Hopp <karsten at redhat.com>
Date:   Fri Oct 5 00:36:15 2012 +0200

    - patchlevel 664

 7.3.664 |   78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 78 insertions(+), 0 deletions(-)
---
diff --git a/7.3.664 b/7.3.664
new file mode 100644
index 0000000..b83c382
--- /dev/null
+++ b/7.3.664
@@ -0,0 +1,78 @@
+To: vim_dev at googlegroups.com
+Subject: Patch 7.3.664
+Fcc: outbox
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.3.664
+Problem:    Buffer overflow in unescaping text. (Raymond Ko)
+Solution:   Limit check for multi-byte character to 4 bytes.
+Files:	    src/mbyte.c
+
+
+*** ../vim-7.3.663/src/mbyte.c	2012-06-01 17:46:52.000000000 +0200
+--- src/mbyte.c	2012-09-18 17:53:05.000000000 +0200
+***************
+*** 3793,3805 ****
+  mb_unescape(pp)
+      char_u **pp;
+  {
+!     static char_u	buf[MB_MAXBYTES + 1];
+!     int			n, m = 0;
+      char_u		*str = *pp;
+  
+      /* Must translate K_SPECIAL KS_SPECIAL KE_FILLER to K_SPECIAL and CSI
+!      * KS_EXTRA KE_CSI to CSI. */
+!     for (n = 0; str[n] != NUL && m <= MB_MAXBYTES; ++n)
+      {
+  	if (str[n] == K_SPECIAL
+  		&& str[n + 1] == KS_SPECIAL
+--- 3793,3807 ----
+  mb_unescape(pp)
+      char_u **pp;
+  {
+!     static char_u	buf[6];
+!     int			n;
+!     int			m = 0;
+      char_u		*str = *pp;
+  
+      /* Must translate K_SPECIAL KS_SPECIAL KE_FILLER to K_SPECIAL and CSI
+!      * KS_EXTRA KE_CSI to CSI.
+!      * Maximum length of a utf-8 character is 4 bytes. */
+!     for (n = 0; str[n] != NUL && m < 4; ++n)
+      {
+  	if (str[n] == K_SPECIAL
+  		&& str[n + 1] == KS_SPECIAL
+***************
+*** 3836,3841 ****
+--- 3838,3847 ----
+  	    *pp = str + n + 1;
+  	    return buf;
+  	}
++ 
++ 	/* Bail out quickly for ASCII. */
++ 	if (buf[0] < 128)
++ 	    break;
+      }
+      return NULL;
+  }
+*** ../vim-7.3.663/src/version.c	2012-09-18 16:47:00.000000000 +0200
+--- src/version.c	2012-09-18 18:01:14.000000000 +0200
+***************
+*** 721,722 ****
+--- 721,724 ----
+  {   /* Add new patch number below this line */
++ /**/
++     664,
+  /**/
+
+-- 
+There are three kinds of people: Those who can count & those who can't.
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///