updated for version 7.4.256
Problem: Using systemlist() may cause a crash and does not handle NUL
characters properly.
Solution: Increase the reference count, allocate memory by length. (Yasuhiro
Matsumoto)
diff --git a/src/eval.c b/src/eval.c
index 2014deb..275ef48 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -18334,16 +18334,17 @@
for (i = 0; i < len; ++i)
{
start = res + i;
- for (end = start; i < len && *end != NL; ++end)
+ while (i < len && res[i] != NL)
++i;
+ end = res + i;
- s = vim_strnsave(start, (int)(end - start));
+ s = alloc((unsigned)(end - start + 1));
if (s == NULL)
goto errret;
- for (p = s, end = s + (end - start); p < end; ++p)
- if (*p == NUL)
- *p = NL;
+ for (p = s; start < end; ++p, ++start)
+ *p = *start == NUL ? NL : *start;
+ *p = NUL;
li = listitem_alloc();
if (li == NULL)
@@ -18356,6 +18357,7 @@
list_append(list, li);
}
+ ++list->lv_refcount;
rettv->v_type = VAR_LIST;
rettv->vval.v_list = list;
list = NULL;
diff --git a/src/version.c b/src/version.c
index 180a894..1c7c9dd 100644
--- a/src/version.c
+++ b/src/version.c
@@ -735,6 +735,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 256,
+/**/
255,
/**/
254,