# HG changeset patch # User Bram Moolenaar # Date 1595352604 -7200 # Node ID 53ff4dfe6e11a7f0063854c36616ef62a2e0b620 # Parent 0adf0004085a6678c03e9caac48acb6318db8435 patch 8.2.1259: empty group in 'tabline' may cause using an invalid pointer Commit: https://github.com/vim/vim/commit/f56c95fdad5af521887f8cd7bc15729b5355231d Author: Bram Moolenaar Date: Tue Jul 21 19:25:18 2020 +0200 patch 8.2.1259: empty group in 'tabline' may cause using an invalid pointer Problem: Empty group in 'tabline' may cause using an invalid pointer. Solution: Set the group start position. (closes https://github.com/vim/vim/issues/6505)
diff --git a/src/buffer.c b/src/buffer.c
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -4229,12 +4229,19 @@ build_stl_str_hl(
 }
 if (n == curitem && group_start_userhl == group_end_userhl)
 {
+ // empty group
 p = t;
 l = 0;
- // do not use the highlighting from the removed group
 for (n = groupitem[groupdepth] + 1; n < curitem; n++)
+ {
+ // do not use the highlighting from the removed group
 if (item[n].type == Highlight)
 item[n].type = Empty;
+ // adjust the start position of TabPage to the next
+ // item position
+ if (item[n].type == TabPage)
+ item[n].start = p;
+ }
 }
 }
 if (l > item[groupitem[groupdepth]].maxwid)
diff --git a/src/testdir/test_tabline.vim b/src/testdir/test_tabline.vim
--- a/src/testdir/test_tabline.vim
+++ b/src/testdir/test_tabline.vim
@@ -112,4 +112,27 @@ func Test_tabline_flags()
 %bw!
 endfunc
 
+function EmptyTabname()
+ return ""
+endfunction
+
+function MakeTabLine() abort
+ let titles = map(range(1, tabpagenr('$')), '"%( %" . v:val . "T%{EmptyTabname()}%T %)"')
+ let sep = 'あ'
+ let tabpages = join(titles, sep)
+ return tabpages .. sep .. '%=%999X X'
+endfunction
+
+func Test_tabline_empty_group()
+ " this was reading invalid memory
+ set tabline=%!MakeTabLine()
+ tabnew
+ redraw!
+
+ tabclose
+ set tabline=
+endfunc
+
+
+
 " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
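Review bot: The new loop in the empty-group branch resets `item[n].start` only for `TabPage` entries, so any other item kind that can sit inside a removed group and recorded a `start` beyond the rewound `p` would, as far as this hunk shows, keep pointing into the discarded text. If such kinds are possible (the item types and the code that later reads `start` are outside the hunk), clamping every entry in the range is the stronger invariant: `if (item[n].start > p) item[n].start = p;`. Otherwise the comment above the `TabPage` check should say which item types can occur in an empty group and why only `TabPage` needs its start moved. build_stl_str_hl begins and ends outside the hunk, so this could not be confirmed from the visible lines.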
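Review bot: Test_tabline_empty_group has no assertion, so on a plain build it fails only if Vim actually crashes; an invalid read that happens to land on mapped memory passes silently unless the suite runs under a memory checker. The test comment should say so, for example `" this was reading invalid memory; only caught by a crash or under valgrind/ASan`. Adding `call assert_equal(1, tabpagenr('$'))` after `tabclose` would at least confirm the test leaves the tab state as it found it.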
@@ -755,6 +755,8 @@ static char *(features[]) =
 static int included_patches[] =
 { /* Add new patch number below this line */
 /**/
+ 1259,
+/**/
 1258,
 /**/
 1257,