To: vim_dev@googlegroups.com
Subject: Patch 7.3.365
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 7.3.365
Problem:    Crash when using a large Unicode character in a file that has
	    syntax highlighting. (ngollan)
Solution:   Check for going past the end of the utf tables. (Dominique Pelle)
Files:	    src/mbyte.c


*** ../vim-7.3.364/src/mbyte.c	2011-08-10 13:21:30.000000000 +0200
--- src/mbyte.c	2011-12-08 15:09:13.000000000 +0100
***************
*** 2764,2782 ****
      int			tableSize;
  {
      int start, mid, end; /* indices into table */
  
      start = 0;
!     end = tableSize / sizeof(convertStruct);
      while (start < end)
      {
  	/* need to search further */
! 	mid = (end + start) /2;
  	if (table[mid].rangeEnd < a)
  	    start = mid + 1;
  	else
  	    end = mid;
      }
!     if (table[start].rangeStart <= a && a <= table[start].rangeEnd
  	    && (a - table[start].rangeStart) % table[start].step == 0)
  	return (a + table[start].offset);
      else
--- 2764,2785 ----
      int			tableSize;
  {
      int start, mid, end; /* indices into table */
+     int entries = tableSize / sizeof(convertStruct);
  
      start = 0;
!     end = entries;
      while (start < end)
      {
  	/* need to search further */
! 	mid = (end + start) / 2;
  	if (table[mid].rangeEnd < a)
  	    start = mid + 1;
  	else
  	    end = mid;
      }
!     if (start < entries
! 	    && table[start].rangeStart <= a
! 	    && a <= table[start].rangeEnd
  	    && (a - table[start].rangeStart) % table[start].step == 0)
  	return (a + table[start].offset);
      else
***************
*** 2791,2797 ****
  utf_fold(a)
      int		a;
  {
!     return utf_convert(a, foldCase, sizeof(foldCase));
  }
  
  static convertStruct toLower[] =
--- 2794,2800 ----
  utf_fold(a)
      int		a;
  {
!     return utf_convert(a, foldCase, (int)sizeof(foldCase));
  }
  
  static convertStruct toLower[] =
***************
*** 3119,3125 ****
  	return TOUPPER_LOC(a);
  
      /* For any other characters use the above mapping table. */
!     return utf_convert(a, toUpper, sizeof(toUpper));
  }
  
      int
--- 3122,3128 ----
  	return TOUPPER_LOC(a);
  
      /* For any other characters use the above mapping table. */
!     return utf_convert(a, toUpper, (int)sizeof(toUpper));
  }
  
      int
***************
*** 3152,3158 ****
  	return TOLOWER_LOC(a);
  
      /* For any other characters use the above mapping table. */
!     return utf_convert(a, toLower, sizeof(toLower));
  }
  
      int
--- 3155,3161 ----
  	return TOLOWER_LOC(a);
  
      /* For any other characters use the above mapping table. */
!     return utf_convert(a, toLower, (int)sizeof(toLower));
  }
  
      int
*** ../vim-7.3.364/src/version.c	2011-12-01 20:59:16.000000000 +0100
--- src/version.c	2011-12-08 15:07:53.000000000 +0100
***************
*** 716,717 ****
--- 716,719 ----
  {   /* Add new patch number below this line */
+ /**/
+     365,
  /**/

-- 
Hear about the guy who played a blank tape at full blast?
The mime next door went nuts.

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///