From 0fcfb3ce4275142593a6b63bebf76b1cceb9d674 Mon Sep 17 00:00:00 2001
From: dirkf
Date: Sat, 19 Dec 2020 12:15:48 +0000
Subject: [PATCH 1/3] Write entire highlight string for a single-line comment

Was writing `size` chars but the `hl` array was allocated as `rsize` chars.

---
 kilo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kilo.c b/kilo.c
index 406eb7be..6fd04efc 100644
--- a/kilo.c
+++ b/kilo.c
@@ -412,7 +412,7 @@ void editorUpdateSyntax(erow *row) {
 /* Handle // comments. */
 if (prev_sep && *p == scs[0] && *(p+1) == scs[1]) {
 /* From here to end is a comment */
- memset(row->hl+i,HL_COMMENT,row->size-i);
+ memset(row->hl+i,HL_COMMENT,row->rsize-i);
 return;
 }
From 28bf46d00d684783540dd15792e2bb2bad6ac98d Mon Sep 17 00:00:00 2001
From: dirkf
Date: Sat, 19 Dec 2020 12:31:02 +0000
Subject: [PATCH 2/3] Avoid stepping past line end in an incomplete string when \ is last char

With `'\` or `"...\` as the last characters on the line, `HL_STRING` could be written beyond the allocated size of the `hl` array, causing heap corruption and SEGV.

---
 kilo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kilo.c b/kilo.c
index 6fd04efc..eb8d2798 100644
--- a/kilo.c
+++ b/kilo.c
@@ -442,7 +442,7 @@ void editorUpdateSyntax(erow *row) {
 /* Handle "" and '' */
 if (in_string) {
 row->hl[i] = HL_STRING;
- if (*p == '\\') {
+ if (*p == '\\' && *(p+1)) {
 row->hl[i+1] = HL_STRING;
 p += 2; i += 2;
 prev_sep = 0;
From 531b6fdee6dabe666d7ae1245dd170069e262ba1 Mon Sep 17 00:00:00 2001
From: dirkf
Date: Sat, 19 Dec 2020 12:39:42 +0000
Subject: [PATCH 3/3] Avoid invalid memory access if rest of line is shorter than some keyword

The test for a keyword would try to read the entire length of each keyword from the line position even if the rest of the line was too short to contain that keyword. A PR was already submitted for this but the author closed it before it could be merged.

---
 kilo.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
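Review bot: The new memset length `row->rsize-i` is only safe while `i` stays below `row->rsize`, and nothing at this line records that invariant; the enclosing loop appears to walk `render` up to its terminator rather than comparing `i` against `rsize`, so the bound rests on `render` being NUL-terminated at exactly `rsize` bytes, and if `i` ever exceeded it the negative `int` would convert to a huge `size_t`. A comment above the call would also stop a future reader from "correcting" it back to `size`: `/* hl is sized rsize (one entry per render byte), not size */`. If that invariant is not guaranteed elsewhere, `if (i < row->rsize)` in front of the memset makes the bound explicit. editorUpdateSyntax starts and ends outside this hunk.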
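Review bot: The added `*(p+1)` test protects the write to `row->hl[i+1]` on the next line only indirectly, through the terminator of the render string rather than through the size of the array actually being written; if `render` is NUL-terminated at `rsize` (as the commit message implies) the two agree, but `if (*p == '\\' && i+1 < row->rsize) {` ties the guard to the bound that matters and would survive a later change in how render is terminated. Whichever form is kept, a one-line comment should say why a trailing backslash is treated as an ordinary string character: `/* a backslash at end of line escapes nothing; never write hl[rsize] */`. The `if (in_string)` block and editorUpdateSyntax continue past the end of this hunk.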
diff --git a/kilo.c b/kilo.c
index eb8d2798..3ba7513b 100644
--- a/kilo.c
+++ b/kilo.c
@@ -481,12 +481,13 @@ void editorUpdateSyntax(erow *row) {
 /* Handle keywords and lib calls */
 if (prev_sep) {
 int j;
+ int ileft = row->rsize - i;
 for (j = 0; keywords[j]; j++) {
 int klen = strlen(keywords[j]);
 int kw2 = keywords[j][klen-1] == '|';
 if (kw2) klen--;
- if (!memcmp(p,keywords[j],klen) &&
+ if (klen < ileft && !memcmp(p,keywords[j],klen) &&
 is_separator(*(p+klen))) {
 /* Keyword */