patch 8.2.4419: illegal memory access when using 20 highlights Problem: Illegal memory access when using exactly 20 highlights. Solution: Add one more item in the array. (Brandon Richardson, closes #9800)

commit: a493b6506b67887a1cc2d1c00a896598c3b2d445 [log] [tgz]
author: Brandon Richardson <brandon.richardson@siemens.com> Sat Feb 19 11:45:03 2022 +0000
committer: Bram Moolenaar <Bram@vim.org> Sat Feb 19 11:45:03 2022 +0000
tree: 74131ce6b30567ec0f9c5bf9d80bab929abb5a16
parent: 5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 [diff] [blame]
diff --git a/src/buffer.c b/src/buffer.c
index bb9c773..27e8643 100644
--- a/src/buffer.c
+++ b/src/buffer.c

@@ -4170,8 +4170,11 @@
     {
 	stl_items = ALLOC_MULT(stl_item_T, stl_items_len);
 	stl_groupitem = ALLOC_MULT(int, stl_items_len);
-	stl_hltab  = ALLOC_MULT(stl_hlrec_T, stl_items_len);
-	stl_tabtab = ALLOC_MULT(stl_hlrec_T, stl_items_len);
+
+	// Allocate one more, because the last element is used to indicate the
+	// end of the list.
+	stl_hltab  = ALLOC_MULT(stl_hlrec_T, stl_items_len + 1);
+	stl_tabtab = ALLOC_MULT(stl_hlrec_T, stl_items_len + 1);
     }
 
 #ifdef FEAT_EVAL
@@ -4251,11 +4254,13 @@
 	    if (new_groupitem == NULL)
 		break;
 	    stl_groupitem = new_groupitem;
-	    new_hlrec = vim_realloc(stl_hltab, sizeof(stl_hlrec_T) * new_len);
+	    new_hlrec = vim_realloc(stl_hltab,
+					  sizeof(stl_hlrec_T) * (new_len + 1));
 	    if (new_hlrec == NULL)
 		break;
 	    stl_hltab = new_hlrec;
-	    new_hlrec = vim_realloc(stl_tabtab, sizeof(stl_hlrec_T) * new_len);
+	    new_hlrec = vim_realloc(stl_tabtab,
+					  sizeof(stl_hlrec_T) * (new_len + 1));
 	    if (new_hlrec == NULL)
 		break;
 	    stl_tabtab = new_hlrec;
commit	a493b6506b67887a1cc2d1c00a896598c3b2d445	[log] [tgz]
author	Brandon Richardson <brandon.richardson@siemens.com>	Sat Feb 19 11:45:03 2022 +0000
committer	Bram Moolenaar <Bram@vim.org>	Sat Feb 19 11:45:03 2022 +0000
tree	74131ce6b30567ec0f9c5bf9d80bab929abb5a16
parent	5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 [diff] [blame]