From ac261fca96bf55797cc153c3c1eeed913bad3065 Mon Sep 17 00:00:00 2001 From: Bram Moolenaar Date: Fri, 13 Aug 2010 16:51:26 +0200 Subject: Fix illegal memory access when using expressions in the command line. --- runtime/doc/todo.txt | 2 -- src/ex_getln.c | 5 ++++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/runtime/doc/todo.txt b/runtime/doc/todo.txt index 56faa684..dbb5be73 100644 --- a/runtime/doc/todo.txt +++ b/runtime/doc/todo.txt @@ -30,8 +30,6 @@ be worked on, but only if you sponsor Vim development. See |sponsor|. *known-bugs* -------------------- Known bugs and current work ----------------------- -Patch for crash with cmdline editing functions. (Dominique Pelle, 2010 Aug 12) - Have a close look at :find completion, anything that could be wrong? Test 73 fails on MS-Windows when compiled with DJGPP and run twice. How to diff --git a/src/ex_getln.c b/src/ex_getln.c index d2925535..1cf67854 100644 --- a/src/ex_getln.c +++ b/src/ex_getln.c @@ -2527,7 +2527,10 @@ realloc_cmdbuff(len) ccline.cmdbuff = p; /* keep the old one */ return FAIL; } - mch_memmove(ccline.cmdbuff, p, (size_t)ccline.cmdlen + 1); + /* There isn't always a NUL after the command, but it may need to be + * there, thus copy up to the NUL and add a NUL. */ + mch_memmove(ccline.cmdbuff, p, (size_t)ccline.cmdlen); + ccline.cmdbuff[ccline.cmdlen] = NUL; vim_free(p); if (ccline.xpc != NULL -- cgit v1.2.1