changeset 13223:e37327129859 v8.0.1486

patch 8.0.1486: accessing invalid memory with "it" commit https://github.com/vim/vim/commit/82846a00ac0c135946c93c48c1657018a5c96b11 Author: Bram Moolenaar <Bram@vim.org> Date: Fri Feb 9 18:09:54 2018 +0100 patch 8.0.1486: accessing invalid memory with "it" Problem: Accessing invalid memory with "it". (Dominique Pelle) Solution: Avoid going over the end of the line. (Christian Brabandt, closes #2532)
author Christian Brabandt <cb@256bit.org>
date Fri, 09 Feb 2018 18:15:04 +0100
parents ee7ccac8928f
children 38cd45e2c97b
files src/search.c src/testdir/test_textobjects.vim src/version.c
diffstat 3 files changed, 18 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/src/search.c
+++ b/src/search.c
@@ -684,11 +684,11 @@ searchit(
 		    && pos->lnum >= 1 && pos->lnum <= buf->b_ml.ml_line_count
 						    && pos->col < MAXCOL - 2)
 	{
-	    ptr = ml_get_buf(buf, pos->lnum, FALSE) + pos->col;
-	    if (*ptr == NUL)
+	    ptr = ml_get_buf(buf, pos->lnum, FALSE);
+	    if ((int)STRLEN(ptr) < pos->col)
 		start_char_len = 1;
 	    else
-		start_char_len = (*mb_ptr2len)(ptr);
+		start_char_len = (*mb_ptr2len)(ptr + pos->col);
 	}
 #endif
 	else
--- a/src/testdir/test_textobjects.vim
+++ b/src/testdir/test_textobjects.vim
@@ -152,3 +152,16 @@ func Test_match()
   call assert_equal(3 , match('abc', '\zs', 3, 1))
   call assert_equal(-1, match('abc', '\zs', 4, 1))
 endfunc
+
+" This was causing an illegal memory access
+func Test_inner_tag()
+  new
+  norm ixxx
+  call feedkeys("v", 'xt')
+  insert
+x
+x
+.
+  norm it
+  q!
+endfunc
--- a/src/version.c
+++ b/src/version.c
@@ -772,6 +772,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1486,
+/**/
     1485,
 /**/
     1484,