Mercurial > vim
changeset 19121:a51fee786930 v8.2.0120
patch 8.2.0120: virtcol() does not check arguments to be valid
Commit: https://github.com/vim/vim/commit/b3d33d8570bc49a7f90990572d7f9630a1bfae02
Author: Bram Moolenaar <Bram@vim.org>
Date: Wed Jan 15 20:36:55 2020 +0100
patch 8.2.0120: virtcol() does not check arguments to be valid
Problem: virtcol() does not check arguments to be valid, which may lead to
a crash.
Solution: Check the column to be valid. Do not decrement MAXCOL.
(closes #5480)
| author | Bram Moolenaar <Bram@vim.org> |
|---|---|
| date | Wed, 15 Jan 2020 20:45:04 +0100 |
| parents | 0e5a3e183199 |
| children | 271d016b8bf5 |
| files | src/evalfunc.c src/testdir/test_marks.vim src/version.c |
| diffstat | 3 files changed, 32 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/evalfunc.c +++ b/src/evalfunc.c @@ -6605,7 +6605,7 @@ f_setpos(typval_T *argvars, typval_T *re { if (list2fpos(&argvars[1], &pos, &fnum, &curswant) == OK) { - if (--pos.col < 0) + if (pos.col != MAXCOL && --pos.col < 0) pos.col = 0; if (name[0] == '.' && name[1] == NUL) { @@ -8372,11 +8372,21 @@ f_virtcol(typval_T *argvars, typval_T *r colnr_T vcol = 0; pos_T *fp; int fnum = curbuf->b_fnum; + int len; fp = var2fpos(&argvars[0], FALSE, &fnum); if (fp != NULL && fp->lnum <= curbuf->b_ml.ml_line_count && fnum == curbuf->b_fnum) { + // Limit the column to a valid value, getvvcol() doesn't check. + if (fp->col < 0) + fp->col = 0; + else + { + len = (int)STRLEN(ml_get(fp->lnum)); + if (fp->col > len) + fp->col = len; + } getvvcol(curwin, fp, NULL, NULL, &vcol); ++vcol; }
--- a/src/testdir/test_marks.vim +++ b/src/testdir/test_marks.vim @@ -26,11 +26,11 @@ func Test_Incr_Marks() endfunc func Test_setpos() - new one + new Xone let onebuf = bufnr('%') let onewin = win_getid() call setline(1, ['aaa', 'bbb', 'ccc']) - new two + new Xtwo let twobuf = bufnr('%') let twowin = win_getid() call setline(1, ['aaa', 'bbb', 'ccc']) @@ -63,7 +63,24 @@ func Test_setpos() call setpos("'N", [onebuf, 1, 3, 0]) call assert_equal([onebuf, 1, 3, 0], getpos("'N")) + " try invalid column and check virtcol() call win_gotoid(onewin) + call setpos("'a", [0, 1, 2, 0]) + call assert_equal([0, 1, 2, 0], getpos("'a")) + call setpos("'a", [0, 1, -5, 0]) + call assert_equal([0, 1, 2, 0], getpos("'a")) + call setpos("'a", [0, 1, 0, 0]) + call assert_equal([0, 1, 1, 0], getpos("'a")) + call setpos("'a", [0, 1, 4, 0]) + call assert_equal([0, 1, 4, 0], getpos("'a")) + call assert_equal(4, virtcol("'a")) + call setpos("'a", [0, 1, 5, 0]) + call assert_equal([0, 1, 5, 0], getpos("'a")) + call assert_equal(4, virtcol("'a")) + call setpos("'a", [0, 1, 21341234, 0]) + call assert_equal([0, 1, 21341234, 0], getpos("'a")) + call assert_equal(4, virtcol("'a")) + bwipe! call win_gotoid(twowin) bwipe!