commit 1c864093f93b0066de25d6c0ddf03a6bc6b1c870
author Bram Moolenaar <Bram@vim.org> Sun Aug 06 18:15:45 2017 +0200
committer Bram Moolenaar <Bram@vim.org> Sun Aug 06 18:15:45 2017 +0200
tree d347a56a3addc4016581a4f4b1c5a465d470d48d
parent 4535654246936de13eafd4e049b0a1991521fba4

patch 8.0.0883: invalid memory access with nonsensical script

Problem:    Invalid memory access with nonsensical script.
Solution:   Check "dstlen" being positive. (Dominique Pelle)

src/misc1.c

diff --git a/src/misc1.c b/src/misc1.c
index 4e51bed..5f8b092 100644
--- a/src/misc1.c
+++ b/src/misc1.c
@@ -4180,13 +4180,18 @@
 	    }
 	    else if ((src[0] == ' ' || src[0] == ',') && !one)
 		at_start = TRUE;
-	    *dst++ = *src++;
-	    --dstlen;
+	    if (dstlen > 0)
+	    {
+		*dst++ = *src++;
+		--dstlen;
 
-	    if (startstr != NULL && src - startstr_len >= srcp
-		    && STRNCMP(src - startstr_len, startstr, startstr_len) == 0)
-		at_start = TRUE;
+		if (startstr != NULL && src - startstr_len >= srcp
+			&& STRNCMP(src - startstr_len, startstr,
+							    startstr_len) == 0)
+		    at_start = TRUE;
+	    }
 	}
+
     }
     *dst = NUL;
 }