patch 9.1.0413: smoothscroll may cause infinite loop
Problem: smoothscroll may cause infinite loop, with
very narrow windows
(Jaehwang Jung, after v9.1.0280)
Solution: Check for width1 being negative, verify
that win_linetabsize does not overflow
fixes: #14750
closes: #14772
Co-authored-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/move.c b/src/move.c
index 3e589ca..dd23268 100644
--- a/src/move.c
+++ b/src/move.c
@@ -1630,6 +1630,7 @@
int width2 = width1 + curwin_col_off2();
int so_cols = so == 0 ? 0 : width1 + (so - 1) * width2;
int space_cols = (curwin->w_height - 1) * width2;
+ int overlap, top, bot;
int size = so == 0 ? 0 : win_linetabsize(curwin, curwin->w_topline,
ml_get(curwin->w_topline), (colnr_T)MAXCOL);
@@ -1639,16 +1640,16 @@
so_cols = space_cols / 2; // Not enough room: put cursor in the middle.
// Not enough screen lines in topline: ignore 'scrolloff'.
- while (so_cols > size && so_cols - width2 >= width1)
+ while (so_cols > size && so_cols - width2 >= width1 && width1 > 0)
so_cols -= width2;
if (so_cols >= width1 && so_cols > size)
so_cols -= width1;
// If there is no marker or we have non-zero scrolloff, just ignore it.
- int overlap = (curwin->w_skipcol == 0 || so_cols != 0) ? 0
+ overlap = (curwin->w_skipcol == 0 || so_cols != 0) ? 0
: sms_marker_overlap(curwin, -1);
- int top = curwin->w_skipcol + overlap + so_cols;
- int bot = curwin->w_skipcol + width1 + (curwin->w_height - 1) * width2
+ top = curwin->w_skipcol + overlap + so_cols;
+ bot = curwin->w_skipcol + width1 + (curwin->w_height - 1) * width2
- so_cols;
validate_virtcol();
colnr_T col = curwin->w_virtcol;