# HG changeset patch # User Christian Brabandt # Date 1517084105 -3600 # Node ID cfaa513efa3f10488f8768d11fd25569df397170 # Parent 4e4cb0764f0a282e6f4f9c2259848c2a93fb1bff patch 8.0.1433: illegal memory access after undo commit https://github.com/vim/vim/commit/95dbcbea6d85a5b79d9617ab3863458fdf0217a0 Author: Bram Moolenaar Date: Sat Jan 27 21:01:34 2018 +0100 patch 8.0.1433: illegal memory access after undo Problem: Illegal memory access after undo. (Dominique Pelle) Solution: Avoid the column becomes negative. (Christian Brabandt, closes #2533) diff --git a/src/mbyte.c b/src/mbyte.c --- a/src/mbyte.c +++ b/src/mbyte.c @@ -1784,6 +1784,7 @@ dbcs_ptr2char(char_u *p) * Convert a UTF-8 byte sequence to a wide character. * If the sequence is illegal or truncated by a NUL the first byte is * returned. + * For an overlong sequence this may return zero. * Does not include composing characters, of course. */ int @@ -4112,7 +4113,10 @@ mb_adjustpos(buf_T *buf, pos_T *lp) ) { p = ml_get_buf(buf, lp->lnum, FALSE); - lp->col -= (*mb_head_off)(p, p + lp->col); + if (*p == NUL || (int)STRLEN(p) < lp->col) + lp->col = 0; + else + lp->col -= (*mb_head_off)(p, p + lp->col); #ifdef FEAT_VIRTUALEDIT /* Reset "coladd" when the cursor would be on the right half of a * double-wide character. */ diff --git a/src/testdir/test_undo.vim b/src/testdir/test_undo.vim --- a/src/testdir/test_undo.vim +++ b/src/testdir/test_undo.vim @@ -350,3 +350,12 @@ func Test_cmd_in_reg_undo() only! let @a='' endfunc + +" This used to cause an illegal memory access +func Test_undo_append() + new + call feedkeys("axx\v", 'xt') + undo + norm o + quit +endfunc diff --git a/src/version.c b/src/version.c --- a/src/version.c +++ b/src/version.c @@ -772,6 +772,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1433, +/**/ 1432, /**/ 1431,