changeset 31998:bb31c1c6d1ad v9.0.1331

patch 9.0.1331: illegal memory access when using :ball in Visual mode Commit: https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b Author: Pavel Mayorov <pmayorov@cloudlinux.com> Date: Mon Feb 20 14:35:20 2023 +0000 patch 9.0.1331: illegal memory access when using :ball in Visual mode Problem: Illegal memory access when using :ball in Visual mode. Solution: Stop Visual mode when using :ball. (Pavel Mayorov, closes https://github.com/vim/vim/issues/11923)
author Bram Moolenaar <Bram@vim.org>
date Mon, 20 Feb 2023 15:45:03 +0100
parents c7a3b0bfa44b
children d2f8f1ebcf7d
files src/buffer.c src/testdir/test_visual.vim src/version.c
diffstat 3 files changed, 27 insertions(+), 0 deletions(-) [+]
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -5402,6 +5402,10 @@ ex_buffer_all(exarg_T *eap)
     else
 	all = TRUE;
 
+    // Stop Visual mode, the cursor and "VIsual" may very well be invalid after
+    // switching to another buffer.
+    reset_VIsual_and_resel();
+
     setpcmark();
 
 #ifdef FEAT_GUI
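Review bot: The added reset_VIsual_and_resel() call runs unconditionally before setpcmark() and before any buffer or window is touched, so Visual mode also ends on runs where :ball later changes nothing; if that is intended the comment should say so, e.g. `// Always stop Visual mode first: "VIsual" and the cursor are positions in the current buffer and become invalid once another buffer is shown in this window (issue 11923).` The existing Test_switch_buffer_ends_visual_mode in the test hunk suggests other buffer-switching paths already clear Visual mode, so it may be worth checking whether that reset belongs in the shared buffer-switch routine rather than in each command, so the next caller cannot regress the same way; that is inferred from the test name, not visible here. ex_buffer_all begins before and continues after this hunk.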
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -1534,4 +1534,25 @@ func Test_switch_buffer_ends_visual_mode
   exe 'bwipe!' buf2
 endfunc
 
+" Check fix for the heap-based buffer overflow bug found in the function
+" utfc_ptr2len and reported at
+" https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e
+func Test_heap_buffer_overflow()
+  enew
+  set updatecount=0
+
+  norm R0
+  split other
+  norm R000
+  exe "norm \<C-V>l"
+  ball
+  call assert_equal(getpos("."), getpos("v"))
+  call assert_equal('n', mode())
+  norm zW
+
+  %bwipe!
+  set updatecount&
+endfunc
+
+
 " vim: shiftwidth=2 sts=2 expandtab
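Review bot: The test name Test_heap_buffer_overflow and its header comment describe the symptom (the overflow in utfc_ptr2len) rather than the behaviour being pinned, which is that :ball must leave Visual mode, so a reader looking for :ball coverage will not find it; consider a name like `Test_ball_ends_visual_mode` and a line such as `" :ball must end Visual mode, otherwise the stale Visual start is used after the buffer switch (issue 11923)`. The `set updatecount=0` and `norm zW` steps carry no explanation, and a one-line comment on each stating why the test needs them would let a maintainer remove or keep them with confidence. The assertions on mode() and getpos() only hold if nothing else in the sequence leaves Visual mode, so it is worth stating in a comment that Visual mode is still active right before `ball`. The two blank lines added before the modeline are one more than the file uses between functions.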
--- a/src/version.c
+++ b/src/version.c
@@ -696,6 +696,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1331,
+/**/
     1330,
 /**/
     1329,