--- a/src/search.c
+++ b/src/search.c
@@ -1548,6 +1548,7 @@ do_search(
 			{
 			    vim_free(msgbuf);
 			    msgbuf = r;
+			    msgbuflen = STRLEN(msgbuf);
 			    // move reversed text to beginning of buffer
 			    while (*r != NUL && *r == ' ')
 				r++;

new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..dfbfe2c9a611aad20c444aec335a11c9edf0ebf6
GIT binary patch
literal 314
zc$_oj1p-aY9IoR33dPBssrhM)3jd2U^2_rLbqu9z|CVq9X)Xn>q(lXVCVhRb23)|N
zE3bipfq^S8FSWQNHAN**Oib*hwwRbJkS^m&Fq~h|0JJ0(WXb<}1{SV*1~CP$;>?`X
zyb{H{{G#0drFo_GIgB3FMmmNDaWN_XQ~rBYJLni10@*>;hB~?i!ayJmaxTx`NyVup
zVVNKSeSKbiAYf1cnO&5_1vIMRzltzk@R2ts73gQpwCL#Kl4M;@PR_u<K+dwHTrNj9
gm@j}XQc<ym06&#L21W)3F#)h=GK=L5c@>1~0fGrtiU0rr

--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim
@@ -150,6 +150,13 @@ func Test_crash1_2()
     \ ' ; echo "crash 4: [OK]" >> '.. result .. "\<cr>")
   call TermWait(buf, 150)
 
+  let file = 'crash/reverse_text_overflow'
+  let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+  let args = printf(cmn_args, vim, file)
+  call term_sendkeys(buf, args ..
+    \ ' ; echo "crash 5: [OK]" >> '.. result .. "\<cr>")
+  call TermWait(buf, 150)
+
   " clean up
   exe buf .. "bw!"
   exe "sp " .. result
@@ -158,6 +165,7 @@ func Test_crash1_2()
       \ 'crash 2: [OK]',
       \ 'crash 3: [OK]',
       \ 'crash 4: [OK]',
+      \ 'crash 5: [OK]',
       \ ]
 
   call assert_equal(expected, getline(1, '$'))
@@ -201,6 +209,7 @@ func Test_crash1_3()
   let args = printf(cmn_args, vim, file)
   call term_sendkeys(buf, args)
   call TermWait(buf, 150)
+  call delete('Untitled')
 
   let file = 'crash/nullpointer'
   let cmn_args = "%s -u NONE -i NONE -n -e -s -S %s -c ':qa!'\<cr>"

--- a/src/version.c
+++ b/src/version.c
@@ -705,6 +705,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    689,
+/**/
     688,
 /**/
     687,