# HG changeset patch
# User Bram Moolenaar <Bram@vim.org>
# Date 1590339603 -7200
# Node ID 9fd5414e294c1ea7c118650663c2d2870d482c68
# Parent  42e5347ff9b673aeac6dfc63db74f5d0edea8f13
patch 8.2.0817: not enough memory allocated when converting string

Commit: https://github.com/vim/vim/commit/f7271e831614d15d173c7f562cc26f48c2554ce9
Author: Bram Moolenaar <Bram@vim.org>
Date:   Sun May 24 18:45:07 2020 +0200

    patch 8.2.0817: not enough memory allocated when converting string

    Problem:    Not enough memory allocated when converting string with special
                character.
    Solution:   Reserve space for modifier code. (closes #6130)

diff --git a/src/eval.c b/src/eval.c
--- a/src/eval.c
+++ b/src/eval.c
@@ -3503,6 +3503,7 @@ get_string_tv(char_u **arg, typval_T *re
     char_u	*p;
     char_u	*name;
     int		extra = 0;
+    int		len;
 
     /*
      * Find the end of the string, skipping backslashed characters.
@@ -3513,9 +3514,10 @@ get_string_tv(char_u **arg, typval_T *re
 	{
 	    ++p;
 	    // A "\<x>" form occupies at least 4 characters, and produces up
-	    // to 6 characters: reserve space for 2 extra
+	    // to 9 characters (6 for the char and 3 for a modifier): reserve
+	    // space for 5 extra.
 	    if (*p == '<')
-		extra += 2;
+		extra += 5;
 	}
     }
 
@@ -3536,7 +3538,8 @@ get_string_tv(char_u **arg, typval_T *re
      * Copy the string into allocated memory, handling backslashed
      * characters.
      */
-    name = alloc(p - *arg + extra);
+    len = (int)(p - *arg + extra);
+    name = alloc(len);
     if (name == NULL)
 	return FAIL;
     rettv->v_type = VAR_STRING;
@@ -3610,6 +3613,8 @@ get_string_tv(char_u **arg, typval_T *re
 			  if (extra != 0)
 			  {
 			      name += extra;
+			      if (name >= rettv->vval.v_string + len)
+				  iemsg("get_string_tv() used more space than allocated");
 			      break;
 			  }
 			  // FALLTHROUGH
diff --git a/src/testdir/test_functions.vim b/src/testdir/test_functions.vim
--- a/src/testdir/test_functions.vim
+++ b/src/testdir/test_functions.vim
@@ -2278,6 +2278,8 @@ func Test_nr2char()
   set encoding=utf8
   call assert_equal('a', nr2char(97, 1))
   call assert_equal('a', nr2char(97, 0))
+
+  call assert_equal("\x80\xfc\b\xf4\x80\xfeX\x80\xfeX\x80\xfeX", eval('"\<M-' .. nr2char(0x100000) .. '>"'))
 endfunc
 
 " Test for screenattr(), screenchar() and screenchars() functions
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -747,6 +747,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    817,
+/**/
     816,
 /**/
     815,