To: vim-dev@vim.org Subject: Patch 5.5.068 Fcc: outbox From: Bram Moolenaar ------------ Patch 5.5.068 Problem: Crash when a ":while" is used with an argument that has an error. (Sylvain Viart) Solution: Was using an uninitialized index in the cs_line[] array. The crash only happened when the index was far off. Made sure the uninitialized index isn't used. Files: src/ex_docmd.c *** ../vim-5.5.67/src/ex_docmd.c Wed Dec 8 12:52:43 1999 --- src/ex_docmd.c Fri Dec 10 12:33:50 1999 *************** *** 520,527 **** else cstack.cs_had_continue = FALSE; ! /* jump back to the matching ":while"? */ ! if (!did_emsg && cstack.cs_idx >= 0 && (cstack.cs_flags[cstack.cs_idx] & CSF_ACTIVE)) { current_line = cstack.cs_line[cstack.cs_idx]; --- 520,532 ---- else cstack.cs_had_continue = FALSE; ! /* Jump back to the matching ":while". Be careful not to use ! * a cs_line[] from an entry that isn't a ":while": It would ! * make "current_line" invalid and can cause a crash. */ ! if (!did_emsg ! && cstack.cs_idx >= 0 ! && (cstack.cs_flags[cstack.cs_idx] & CSF_WHILE) ! && cstack.cs_line[cstack.cs_idx] >= 0 && (cstack.cs_flags[cstack.cs_idx] & CSF_ACTIVE)) { current_line = cstack.cs_line[cstack.cs_idx]; *************** *** 7233,7238 **** --- 7238,7244 ---- { ++cstack->cs_idx; ++cstack->cs_whilelevel; + cstack->cs_line[cstack->cs_idx] = -1; } cstack->cs_flags[cstack->cs_idx] = CSF_WHILE; *************** *** 7246,7261 **** if (!skip) { ! if (result) cstack->cs_flags[cstack->cs_idx] |= CSF_ACTIVE | CSF_TRUE; ! if (error) ! --cstack->cs_idx; ! else ! /* ! * Set cs_had_while flag, so do_cmdline() will set the line ! * number in cs_line[]. ! */ ! cstack->cs_had_while = TRUE; } } --- 7252,7264 ---- if (!skip) { ! if (result && !error) cstack->cs_flags[cstack->cs_idx] |= CSF_ACTIVE | CSF_TRUE; ! /* ! * Set cs_had_while flag, so do_cmdline() will set the line ! * number in cs_line[]. ! */ ! cstack->cs_had_while = TRUE; } } *************** *** 7332,7338 **** if (!(cstack->cs_flags[cstack->cs_idx] & CSF_WHILE)) { errormsg = (char_u *)":endwhile without :while"; ! while (cstack->cs_idx > 0 && !(cstack->cs_flags[cstack->cs_idx] & CSF_WHILE)) --cstack->cs_idx; } --- 7335,7341 ---- if (!(cstack->cs_flags[cstack->cs_idx] & CSF_WHILE)) { errormsg = (char_u *)":endwhile without :while"; ! while (cstack->cs_idx >= 0 && !(cstack->cs_flags[cstack->cs_idx] & CSF_WHILE)) --cstack->cs_idx; } *** ../vim-5.5.67/src/version.c Thu Dec 9 13:11:45 1999 --- src/version.c Fri Dec 10 12:42:46 1999 *************** *** 420,420 **** --- 420,421 ---- { /* Add new patch number below this line */ + 68, -- ARTHUR: Well, it doesn't matter. Will you go and tell your master that Arthur from the Court of Camelot is here. GUARD #1: Listen, in order to maintain air-speed velocity, a swallow needs to beat its wings 43 times every second, right? ARTHUR: Please! The Quest for the Holy Grail (Monty Python) --/-/---- Bram Moolenaar ---- Bram@moolenaar.net ---- Bram@vim.org ---\-\-- \ \ www.vim.org/iccf www.moolenaar.net www.vim.org / /