patch 8.2.0120: virtcol() does not check arguments to be valid
Problem: virtcol() does not check arguments to be valid, which may lead to
a crash.
Solution: Check the column to be valid. Do not decrement MAXCOL.
(closes #5480)
diff --git a/src/evalfunc.c b/src/evalfunc.c
index 4465fc0..d248f4b 100644
--- a/src/evalfunc.c
+++ b/src/evalfunc.c
@@ -6605,7 +6605,7 @@
{
if (list2fpos(&argvars[1], &pos, &fnum, &curswant) == OK)
{
- if (--pos.col < 0)
+ if (pos.col != MAXCOL && --pos.col < 0)
pos.col = 0;
if (name[0] == '.' && name[1] == NUL)
{
@@ -8372,11 +8372,21 @@
colnr_T vcol = 0;
pos_T *fp;
int fnum = curbuf->b_fnum;
+ int len;
fp = var2fpos(&argvars[0], FALSE, &fnum);
if (fp != NULL && fp->lnum <= curbuf->b_ml.ml_line_count
&& fnum == curbuf->b_fnum)
{
+ // Limit the column to a valid value, getvvcol() doesn't check.
+ if (fp->col < 0)
+ fp->col = 0;
+ else
+ {
+ len = (int)STRLEN(ml_get(fp->lnum));
+ if (fp->col > len)
+ fp->col = len;
+ }
getvvcol(curwin, fp, NULL, NULL, &vcol);
++vcol;
}
diff --git a/src/testdir/test_marks.vim b/src/testdir/test_marks.vim
index 3d04c70..829f40d 100644
--- a/src/testdir/test_marks.vim
+++ b/src/testdir/test_marks.vim
@@ -26,11 +26,11 @@
endfunc
func Test_setpos()
- new one
+ new Xone
let onebuf = bufnr('%')
let onewin = win_getid()
call setline(1, ['aaa', 'bbb', 'ccc'])
- new two
+ new Xtwo
let twobuf = bufnr('%')
let twowin = win_getid()
call setline(1, ['aaa', 'bbb', 'ccc'])
@@ -63,7 +63,24 @@
call setpos("'N", [onebuf, 1, 3, 0])
call assert_equal([onebuf, 1, 3, 0], getpos("'N"))
+ " try invalid column and check virtcol()
call win_gotoid(onewin)
+ call setpos("'a", [0, 1, 2, 0])
+ call assert_equal([0, 1, 2, 0], getpos("'a"))
+ call setpos("'a", [0, 1, -5, 0])
+ call assert_equal([0, 1, 2, 0], getpos("'a"))
+ call setpos("'a", [0, 1, 0, 0])
+ call assert_equal([0, 1, 1, 0], getpos("'a"))
+ call setpos("'a", [0, 1, 4, 0])
+ call assert_equal([0, 1, 4, 0], getpos("'a"))
+ call assert_equal(4, virtcol("'a"))
+ call setpos("'a", [0, 1, 5, 0])
+ call assert_equal([0, 1, 5, 0], getpos("'a"))
+ call assert_equal(4, virtcol("'a"))
+ call setpos("'a", [0, 1, 21341234, 0])
+ call assert_equal([0, 1, 21341234, 0], getpos("'a"))
+ call assert_equal(4, virtcol("'a"))
+
bwipe!
call win_gotoid(twowin)
bwipe!
diff --git a/src/version.c b/src/version.c
index 44bfd6b..e20bf5d 100644
--- a/src/version.c
+++ b/src/version.c
@@ -743,6 +743,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 120,
+/**/
119,
/**/
118,