summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBram Moolenaar <Bram@vim.org>2023-01-08 20:31:18 +0000
committerBram Moolenaar <Bram@vim.org>2023-01-08 20:31:18 +0000
commite01e5215f927f83778ad7494abb0007aa52d08c3 (patch)
tree733b0428f47732fcc2cf83ce583aa62d622961b6
parent8367716a6e9589d61a771e6c329da05c9b55e61a (diff)
downloadvim-git-9.0.1160.tar.gz
patch 9.0.1160: ASAN error for ufunc_T allocated with wrong sizev9.0.1160
Problem: ASAN error for ufunc_T allocated with wrong size. Solution: Make sure the size can always fit the struct.
-rw-r--r--src/userfunc.c28
-rw-r--r--src/version.c2
2 files changed, 21 insertions, 9 deletions
diff --git a/src/userfunc.c b/src/userfunc.c
index 9ac3a4426..bdec34ded 100644
--- a/src/userfunc.c
+++ b/src/userfunc.c
@@ -641,6 +641,19 @@ get_lambda_name(void)
return name;
}
+/*
+ * Allocate a "ufunc_T" for a function called "name".
+ * Makes sure the size is right.
+ */
+ static ufunc_T *
+alloc_ufunc(char_u *name)
+{
+ // When the name is short we need to make sure we allocate enough bytes for
+ // the whole struct, including any padding.
+ size_t len = offsetof(ufunc_T, uf_name) + STRLEN(name) + 1;
+ return alloc_clear(len < sizeof(ufunc_T) ? sizeof(ufunc_T) : len);
+}
+
#if defined(FEAT_LUA) || defined(PROTO)
/*
* Registers a native C callback which can be called from Vim script.
@@ -652,7 +665,7 @@ register_cfunc(cfunc_T cb, cfunc_free_T cb_free, void *state)
char_u *name = get_lambda_name();
ufunc_T *fp;
- fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1);
+ fp = alloc_ufunc(name);
if (fp == NULL)
return NULL;
@@ -1356,7 +1369,7 @@ lambda_function_body(
}
name = get_lambda_name();
- ufunc = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1);
+ ufunc = alloc_ufunc(name);
if (ufunc == NULL)
goto erret;
set_ufunc_name(ufunc, name);
@@ -1557,7 +1570,7 @@ get_lambda_tv(
char_u *line_end;
char_u *name = get_lambda_name();
- fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1);
+ fp = alloc_ufunc(name);
if (fp == NULL)
goto errret;
fp->uf_def_status = UF_NOT_COMPILED;
@@ -2558,7 +2571,7 @@ copy_lambda_to_global_func(
return FAIL;
}
- fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(global) + 1);
+ fp = alloc_ufunc(global);
if (fp == NULL)
return FAIL;
@@ -5081,7 +5094,7 @@ define_function(
}
}
- fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1);
+ fp = alloc_ufunc(name);
if (fp == NULL)
goto erret;
fp_allocated = TRUE;
@@ -5525,10 +5538,7 @@ get_user_func_name(expand_T *xp, int idx)
ufunc_T *
copy_function(ufunc_T *fp)
{
- // The struct may have padding, make sure we allocate at least the size of
- // the struct.
- size_t len = offsetof(ufunc_T, uf_name) + STRLEN(fp->uf_name) + 1;
- ufunc_T *ufunc = alloc_clear(len < sizeof(ufunc_T) ? sizeof(ufunc_T) : len);
+ ufunc_T *ufunc = alloc_ufunc(fp->uf_name);
if (ufunc == NULL)
return NULL;
diff --git a/src/version.c b/src/version.c
index a9a54048d..021f1b55b 100644
--- a/src/version.c
+++ b/src/version.c
@@ -696,6 +696,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1160,
+/**/
1159,
/**/
1158,