diff options
author | Bram Moolenaar <Bram@vim.org> | 2023-01-08 20:31:18 +0000 |
---|---|---|
committer | Bram Moolenaar <Bram@vim.org> | 2023-01-08 20:31:18 +0000 |
commit | e01e5215f927f83778ad7494abb0007aa52d08c3 (patch) | |
tree | 733b0428f47732fcc2cf83ce583aa62d622961b6 | |
parent | 8367716a6e9589d61a771e6c329da05c9b55e61a (diff) | |
download | vim-git-9.0.1160.tar.gz |
patch 9.0.1160: ASAN error for ufunc_T allocated with wrong sizev9.0.1160
Problem: ASAN error for ufunc_T allocated with wrong size.
Solution: Make sure the size can always fit the struct.
-rw-r--r-- | src/userfunc.c | 28 | ||||
-rw-r--r-- | src/version.c | 2 |
2 files changed, 21 insertions, 9 deletions
diff --git a/src/userfunc.c b/src/userfunc.c index 9ac3a4426..bdec34ded 100644 --- a/src/userfunc.c +++ b/src/userfunc.c @@ -641,6 +641,19 @@ get_lambda_name(void) return name; } +/* + * Allocate a "ufunc_T" for a function called "name". + * Makes sure the size is right. + */ + static ufunc_T * +alloc_ufunc(char_u *name) +{ + // When the name is short we need to make sure we allocate enough bytes for + // the whole struct, including any padding. + size_t len = offsetof(ufunc_T, uf_name) + STRLEN(name) + 1; + return alloc_clear(len < sizeof(ufunc_T) ? sizeof(ufunc_T) : len); +} + #if defined(FEAT_LUA) || defined(PROTO) /* * Registers a native C callback which can be called from Vim script. @@ -652,7 +665,7 @@ register_cfunc(cfunc_T cb, cfunc_free_T cb_free, void *state) char_u *name = get_lambda_name(); ufunc_T *fp; - fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); + fp = alloc_ufunc(name); if (fp == NULL) return NULL; @@ -1356,7 +1369,7 @@ lambda_function_body( } name = get_lambda_name(); - ufunc = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); + ufunc = alloc_ufunc(name); if (ufunc == NULL) goto erret; set_ufunc_name(ufunc, name); @@ -1557,7 +1570,7 @@ get_lambda_tv( char_u *line_end; char_u *name = get_lambda_name(); - fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); + fp = alloc_ufunc(name); if (fp == NULL) goto errret; fp->uf_def_status = UF_NOT_COMPILED; @@ -2558,7 +2571,7 @@ copy_lambda_to_global_func( return FAIL; } - fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(global) + 1); + fp = alloc_ufunc(global); if (fp == NULL) return FAIL; @@ -5081,7 +5094,7 @@ define_function( } } - fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); + fp = alloc_ufunc(name); if (fp == NULL) goto erret; fp_allocated = TRUE; @@ -5525,10 +5538,7 @@ get_user_func_name(expand_T *xp, int idx) ufunc_T * copy_function(ufunc_T *fp) { - // The struct may have padding, make sure we allocate at least the size of - // the struct. - size_t len = offsetof(ufunc_T, uf_name) + STRLEN(fp->uf_name) + 1; - ufunc_T *ufunc = alloc_clear(len < sizeof(ufunc_T) ? sizeof(ufunc_T) : len); + ufunc_T *ufunc = alloc_ufunc(fp->uf_name); if (ufunc == NULL) return NULL; diff --git a/src/version.c b/src/version.c index a9a54048d..021f1b55b 100644 --- a/src/version.c +++ b/src/version.c @@ -696,6 +696,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1160, +/**/ 1159, /**/ 1158, |