# HG changeset patch
# User Christian Brabandt <cb@256bit.org>
# Date 1473014705 -7200
# Node ID cfb38b57d4077e8252d10948ee8b872dfbb18267
# Parent  3edc6b14299b8c9c1acf112d600b6c05979cbc78
commit https://github.com/vim/vim/commit/d5824ce1b5491df7d2eb0b66189d366fa67b4585
Author: Bram Moolenaar <Bram@vim.org>
Date:   Sun Sep 4 20:35:01 2016 +0200

    patch 7.4.2326
    Problem:    Illegal memory access when Visual selection starts in invalid
                position. (Dominique Pelle)
    Solution:   Correct position when needed.

diff --git a/src/misc2.c b/src/misc2.c
--- a/src/misc2.c
+++ b/src/misc2.c
@@ -505,6 +505,28 @@ get_cursor_rel_lnum(
 }
 
 /*
+ * Make sure "pos.lnum" and "pos.col" are valid in "buf".
+ * This allows for the col to be on the NUL byte.
+ */
+    void
+check_pos(buf_T *buf, pos_T *pos)
+{
+    char_u *line;
+    colnr_T len;
+
+    if (pos->lnum > buf->b_ml.ml_line_count)
+	pos->lnum = buf->b_ml.ml_line_count;
+
+    if (pos->col > 0)
+    {
+	line = ml_get_buf(buf, pos->lnum, FALSE);
+	len = (colnr_T)STRLEN(line);
+	if (pos->col > len)
+	    pos->col = len;
+    }
+}
+
+/*
  * Make sure curwin->w_cursor.lnum is valid.
  */
     void
diff --git a/src/normal.c b/src/normal.c
--- a/src/normal.c
+++ b/src/normal.c
@@ -9451,7 +9451,10 @@ get_op_vcol(
 #ifdef FEAT_MBYTE
     /* prevent from moving onto a trail byte */
     if (has_mbyte)
+    {
+	check_pos(curwin->w_buffer, &oap->end);
 	mb_adjustpos(curwin->w_buffer, &oap->end);
+    }
 #endif
 
     getvvcol(curwin, &(oap->start), &oap->start_vcol, NULL, &oap->end_vcol);
diff --git a/src/proto/misc2.pro b/src/proto/misc2.pro
--- a/src/proto/misc2.pro
+++ b/src/proto/misc2.pro
@@ -12,6 +12,7 @@ int dec_cursor(void);
 int dec(pos_T *lp);
 int decl(pos_T *lp);
 linenr_T get_cursor_rel_lnum(win_T *wp, linenr_T lnum);
+void check_pos(buf_T *buf, pos_T *pos);
 void check_cursor_lnum(void);
 void check_cursor_col(void);
 void check_cursor_col_win(win_T *win);
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -764,6 +764,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    2326,
+/**/
     2325,
 /**/
     2324,