• R/O
  • SSH

vim: Commit

Mirror of the Vim source from https://github.com/vim/vim


Commit MetaInfo

Revision23fef64352a14b6f0c2e7f0e7ef044d06e4c3d87 (tree)
Zeit2019-11-10 06:30:04
AutorBram Moolenaar <Bram@vim....>
CommiterBram Moolenaar

Log Message

patch 8.1.2280: crash when passing partial to substitute()

Commit: https://github.com/vim/vim/commit/b0745b221d284e381f1bd4b591cd68ea54b6a51d
Author: Bram Moolenaar <Bram@vim.org>
Date: Sat Nov 9 22:28:11 2019 +0100

patch 8.1.2280: crash when passing partial to substitute()
Problem: Crash when passing partial to substitute().
Solution: Take extra arguments into account. (closes https://github.com/vim/vim/issues/5186)

Ändern Zusammenfassung

Diff

diff -r e268594d460a -r 23fef64352a1 src/proto/regexp.pro
--- a/src/proto/regexp.pro Sat Nov 09 21:30:04 2019 +0100
+++ b/src/proto/regexp.pro Sat Nov 09 22:30:04 2019 +0100
@@ -1,8 +1,6 @@
11 /* regexp.c */
22 int re_multiline(regprog_T *prog);
33 char_u *skip_regexp(char_u *startp, int dirc, int magic, char_u **newp);
4-int vim_regcomp_had_eol(void);
5-void free_regexp_stuff(void);
64 reg_extmatch_T *ref_extmatch(reg_extmatch_T *em);
75 void unref_extmatch(reg_extmatch_T *em);
86 char_u *regtilde(char_u *source, int magic);
@@ -10,8 +8,10 @@
108 int vim_regsub_multi(regmmatch_T *rmp, linenr_T lnum, char_u *source, char_u *dest, int copy, int magic, int backslash);
119 char_u *reg_submatch(int no);
1210 list_T *reg_submatch_list(int no);
11+int vim_regcomp_had_eol(void);
1312 regprog_T *vim_regcomp(char_u *expr_arg, int re_flags);
1413 void vim_regfree(regprog_T *prog);
14+void free_regexp_stuff(void);
1515 int regprog_in_use(regprog_T *prog);
1616 int vim_regexec_prog(regprog_T **prog, int ignore_case, char_u *line, colnr_T col);
1717 int vim_regexec(regmatch_T *rmp, char_u *line, colnr_T col);
diff -r e268594d460a -r 23fef64352a1 src/regexp.c
--- a/src/regexp.c Sat Nov 09 21:30:04 2019 +0100
+++ b/src/regexp.c Sat Nov 09 22:30:04 2019 +0100
@@ -1784,25 +1784,26 @@
17841784 #ifdef FEAT_EVAL
17851785
17861786 /*
1787- * Put the submatches in "argv[0]" which is a list passed into call_func() by
1788- * vim_regsub_both().
1787+ * Put the submatches in "argv[argskip]" which is a list passed into
1788+ * call_func() by vim_regsub_both().
17891789 */
17901790 static int
1791-fill_submatch_list(int argc UNUSED, typval_T *argv, int argcount)
1791+fill_submatch_list(int argc UNUSED, typval_T *argv, int argskip, int argcount)
17921792 {
17931793 listitem_T *li;
17941794 int i;
17951795 char_u *s;
1796-
1797- if (argcount == 0)
1798- /* called function doesn't take an argument */
1799- return 0;
1796+ typval_T *listarg = argv + argskip;
18001797
1801- /* Relies on sl_list to be the first item in staticList10_T. */
1802- init_static_list((staticList10_T *)(argv->vval.v_list));
1798+ if (argcount == argskip)
1799+ // called function doesn't take a submatches argument
1800+ return argskip;
18031801
1804- /* There are always 10 list items in staticList10_T. */
1805- li = argv->vval.v_list->lv_first;
1802+ // Relies on sl_list to be the first item in staticList10_T.
1803+ init_static_list((staticList10_T *)(listarg->vval.v_list));
1804+
1805+ // There are always 10 list items in staticList10_T.
1806+ li = listarg->vval.v_list->lv_first;
18061807 for (i = 0; i < 10; ++i)
18071808 {
18081809 s = rsm.sm_match->startp[i];
@@ -1814,7 +1815,7 @@
18141815 li->li_tv.vval.v_string = s;
18151816 li = li->li_next;
18161817 }
1817- return 1;
1818+ return argskip + 1;
18181819 }
18191820
18201821 static void
diff -r e268594d460a -r 23fef64352a1 src/structs.h
--- a/src/structs.h Sat Nov 09 21:30:04 2019 +0100
+++ b/src/structs.h Sat Nov 09 22:30:04 2019 +0100
@@ -1627,10 +1627,11 @@
16271627 //
16281628 // "argv_func", when not NULL, can be used to fill in arguments only when the
16291629 // invoked function uses them. It is called like this:
1630-// new_argcount = argv_func(current_argcount, argv, called_func_argcount)
1630+// new_argcount = argv_func(current_argcount, argv, partial_argcount,
1631+// called_func_argcount)
16311632 //
16321633 typedef struct {
1633- int (* argv_func)(int, typval_T *, int);
1634+ int (* argv_func)(int, typval_T *, int, int);
16341635 linenr_T firstline; // first line of range
16351636 linenr_T lastline; // last line of range
16361637 int *doesrange; // if not NULL: return: function handled range
diff -r e268594d460a -r 23fef64352a1 src/testdir/test_substitute.vim
--- a/src/testdir/test_substitute.vim Sat Nov 09 21:30:04 2019 +0100
+++ b/src/testdir/test_substitute.vim Sat Nov 09 22:30:04 2019 +0100
@@ -405,6 +405,14 @@
405405 call assert_equal('1aaa', substitute('123', '1\zs\|[23]', 'a', 'g'))
406406 endfunc
407407
408+func SubReplacer(text, submatches)
409+ return a:text .. a:submatches[0] .. a:text
410+endfunc
411+
412+func Test_substitute_partial()
413+ call assert_equal('1foo2foo3', substitute('123', '2', function('SubReplacer', ['foo']), 'g'))
414+endfunc
415+
408416 " Tests for *sub-replace-special* and *sub-replace-expression* on :substitute.
409417
410418 " Execute a list of :substitute command tests
diff -r e268594d460a -r 23fef64352a1 src/userfunc.c
--- a/src/userfunc.c Sat Nov 09 21:30:04 2019 +0100
+++ b/src/userfunc.c Sat Nov 09 22:30:04 2019 +0100
@@ -1588,7 +1588,8 @@
15881588 else if (fp != NULL)
15891589 {
15901590 if (funcexe->argv_func != NULL)
1591- argcount = funcexe->argv_func(argcount, argvars,
1591+ // postponed filling in the arguments, do it now
1592+ argcount = funcexe->argv_func(argcount, argvars, argv_clear,
15921593 fp->uf_args.ga_len);
15931594
15941595 if (funcexe->basetv != NULL)
diff -r e268594d460a -r 23fef64352a1 src/version.c
--- a/src/version.c Sat Nov 09 21:30:04 2019 +0100
+++ b/src/version.c Sat Nov 09 22:30:04 2019 +0100
@@ -742,6 +742,8 @@
742742 static int included_patches[] =
743743 { /* Add new patch number below this line */
744744 /**/
745+ 2280,
746+/**/
745747 2279,
746748 /**/
747749 2278,
Show on old repository browser