patch 8.0.1433: illegal memory access after undo
Problem: Illegal memory access after undo. (Dominique Pelle)
Solution: Avoid the column becomes negative. (Christian Brabandt,
closes #2533)
diff --git a/src/mbyte.c b/src/mbyte.c
index 742c220..5ed321e 100644
--- a/src/mbyte.c
+++ b/src/mbyte.c
@@ -1784,6 +1784,7 @@
* Convert a UTF-8 byte sequence to a wide character.
* If the sequence is illegal or truncated by a NUL the first byte is
* returned.
+ * For an overlong sequence this may return zero.
* Does not include composing characters, of course.
*/
int
@@ -4112,7 +4113,10 @@
)
{
p = ml_get_buf(buf, lp->lnum, FALSE);
- lp->col -= (*mb_head_off)(p, p + lp->col);
+ if (*p == NUL || (int)STRLEN(p) < lp->col)
+ lp->col = 0;
+ else
+ lp->col -= (*mb_head_off)(p, p + lp->col);
#ifdef FEAT_VIRTUALEDIT
/* Reset "coladd" when the cursor would be on the right half of a
* double-wide character. */
diff --git a/src/testdir/test_undo.vim b/src/testdir/test_undo.vim
index 30164a6..b723586 100644
--- a/src/testdir/test_undo.vim
+++ b/src/testdir/test_undo.vim
@@ -350,3 +350,12 @@
only!
let @a=''
endfunc
+
+" This used to cause an illegal memory access
+func Test_undo_append()
+ new
+ call feedkeys("axx\<Esc>v", 'xt')
+ undo
+ norm o
+ quit
+endfunc
diff --git a/src/version.c b/src/version.c
index 2a3460e..6ebb01a 100644
--- a/src/version.c
+++ b/src/version.c
@@ -772,6 +772,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1433,
+/**/
1432,
/**/
1431,