# HG changeset patch
# User Bram Moolenaar <Bram@vim.org>
# Date 1579117504 -3600
# Node ID a51fee786930f0fd763d85125373bcbe3af9dadc
# Parent  0e5a3e18319975421382cfc178cbfaed87a186ad
patch 8.2.0120: virtcol() does not check arguments to be valid

Commit: https://github.com/vim/vim/commit/b3d33d8570bc49a7f90990572d7f9630a1bfae02
Author: Bram Moolenaar <Bram@vim.org>
Date:   Wed Jan 15 20:36:55 2020 +0100

    patch 8.2.0120: virtcol() does not check arguments to be valid

    Problem:    virtcol() does not check arguments to be valid, which may lead to
                a crash.
    Solution:   Check the column to be valid.  Do not decrement MAXCOL.
                (closes #5480)

diff --git a/src/evalfunc.c b/src/evalfunc.c
--- a/src/evalfunc.c
+++ b/src/evalfunc.c
@@ -6605,7 +6605,7 @@ f_setpos(typval_T *argvars, typval_T *re
     {
 	if (list2fpos(&argvars[1], &pos, &fnum, &curswant) == OK)
 	{
-	    if (--pos.col < 0)
+	    if (pos.col != MAXCOL && --pos.col < 0)
 		pos.col = 0;
 	    if (name[0] == '.' && name[1] == NUL)
 	    {
@@ -8372,11 +8372,21 @@ f_virtcol(typval_T *argvars, typval_T *r
     colnr_T	vcol = 0;
     pos_T	*fp;
     int		fnum = curbuf->b_fnum;
+    int		len;
 
     fp = var2fpos(&argvars[0], FALSE, &fnum);
     if (fp != NULL && fp->lnum <= curbuf->b_ml.ml_line_count
 						    && fnum == curbuf->b_fnum)
     {
+	// Limit the column to a valid value, getvvcol() doesn't check.
+	if (fp->col < 0)
+	    fp->col = 0;
+	else
+	{
+	    len = (int)STRLEN(ml_get(fp->lnum));
+	    if (fp->col > len)
+		fp->col = len;
+	}
 	getvvcol(curwin, fp, NULL, NULL, &vcol);
 	++vcol;
     }
diff --git a/src/testdir/test_marks.vim b/src/testdir/test_marks.vim
--- a/src/testdir/test_marks.vim
+++ b/src/testdir/test_marks.vim
@@ -26,11 +26,11 @@ func Test_Incr_Marks()
 endfunc
 
 func Test_setpos()
-  new one
+  new Xone
   let onebuf = bufnr('%')
   let onewin = win_getid()
   call setline(1, ['aaa', 'bbb', 'ccc'])
-  new two
+  new Xtwo
   let twobuf = bufnr('%')
   let twowin = win_getid()
   call setline(1, ['aaa', 'bbb', 'ccc'])
@@ -63,7 +63,24 @@ func Test_setpos()
   call setpos("'N", [onebuf, 1, 3, 0])
   call assert_equal([onebuf, 1, 3, 0], getpos("'N"))
 
+  " try invalid column and check virtcol()
   call win_gotoid(onewin)
+  call setpos("'a", [0, 1, 2, 0])
+  call assert_equal([0, 1, 2, 0], getpos("'a"))
+  call setpos("'a", [0, 1, -5, 0])
+  call assert_equal([0, 1, 2, 0], getpos("'a"))
+  call setpos("'a", [0, 1, 0, 0])
+  call assert_equal([0, 1, 1, 0], getpos("'a"))
+  call setpos("'a", [0, 1, 4, 0])
+  call assert_equal([0, 1, 4, 0], getpos("'a"))
+  call assert_equal(4, virtcol("'a"))
+  call setpos("'a", [0, 1, 5, 0])
+  call assert_equal([0, 1, 5, 0], getpos("'a"))
+  call assert_equal(4, virtcol("'a"))
+  call setpos("'a", [0, 1, 21341234, 0])
+  call assert_equal([0, 1, 21341234, 0], getpos("'a"))
+  call assert_equal(4, virtcol("'a"))
+
   bwipe!
   call win_gotoid(twowin)
   bwipe!
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -743,6 +743,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    120,
+/**/
     119,
 /**/
     118,