patch 9.1.1463: Integer overflow in getmarklist() after linewise operation
Problem: Integer overflow in getmarklist() after linewise operation.
Solution: Don't add 1 to MAXCOL (zeertzjq)
related: neovim/neovim#34524
closes: #17552
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/mark.c b/src/mark.c
index 9f6a9cc..2b03919 100644
--- a/src/mark.c
+++ b/src/mark.c
@@ -1464,7 +1464,7 @@
list_append_number(lpos, bufnr);
list_append_number(lpos, pos->lnum);
- list_append_number(lpos, pos->col + 1);
+ list_append_number(lpos, pos->col < MAXCOL ? pos->col + 1 : MAXCOL);
list_append_number(lpos, pos->coladd);
if (dict_add_string(d, "mark", mname) == FAIL
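Review bot: The new ternary on the `pos->col + 1` line has no comment explaining why MAXCOL is passed through unchanged, so the special case will look arbitrary to the next reader. A comment above the call such as `// MAXCOL means "end of line" after a linewise operation: report it as-is, col + 1 would overflow` would record the reason given in the commit message. Assuming the column type is a signed integer, the old `+ 1` was undefined behaviour in C rather than just a wrong number. Any other script-facing code that does the same 0-based to 1-based conversion on a mark column probably needs the same guard, though none is visible from this hunk. The enclosing function starts and ends outside the hunk.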
diff --git a/src/testdir/test_marks.vim b/src/testdir/test_marks.vim
index 20fb304..50f005a 100644
--- a/src/testdir/test_marks.vim
+++ b/src/testdir/test_marks.vim
@@ -302,6 +302,11 @@
call assert_equal({'mark' : "'r", 'pos' : [bufnr(), 2, 2, 0]},
\ bufnr()->getmarklist()[0])
call assert_equal([], {}->getmarklist())
+ normal! yy
+ call assert_equal([
+ \ {'mark': "'[", 'pos': [bufnr(), 2, 1, 0]},
+ \ {'mark': "']", 'pos': [bufnr(), 2, v:maxcol, 0]},
+ \ ], getmarklist(bufnr())[-2:])
close!
endfunc
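Review bot: The added assertion slices `getmarklist(bufnr())[-2:]`, which assumes `'[` and `']` are always the last two entries of the returned list. A change in list order or a newly reported mark would then fail this test for a reason unrelated to the overflow. Selecting by name, for example `getmarklist(bufnr())->filter({_, v -> index(["'[", "']"], v.mark) >= 0})`, would pin only what the patch fixes. The expected line number 2 also depends on where the cursor was left earlier in the function, which starts outside the hunk.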
diff --git a/src/version.c b/src/version.c
index c9d63e9..8d4cbf2 100644
--- a/src/version.c
+++ b/src/version.c
@@ -710,6 +710,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1463,
+/**/
1462,
/**/
1461,