patch 8.2.1259: empty group in 'tabline' may cause using an invalid pointer
Problem: Empty group in 'tabline' may cause using an invalid pointer.
Solution: Set the group start position. (closes #6505)
diff --git a/src/buffer.c b/src/buffer.c
index 40ca25d..54afb13 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -4229,12 +4229,19 @@
}
if (n == curitem && group_start_userhl == group_end_userhl)
{
+ // empty group
p = t;
l = 0;
- // do not use the highlighting from the removed group
for (n = groupitem[groupdepth] + 1; n < curitem; n++)
+ {
+ // do not use the highlighting from the removed group
if (item[n].type == Highlight)
item[n].type = Empty;
+ // adjust the start position of TabPage to the next
+ // item position
+ if (item[n].type == TabPage)
+ item[n].start = p;
+ }
}
}
if (l > item[groupitem[groupdepth]].maxwid)
diff --git a/src/testdir/test_tabline.vim b/src/testdir/test_tabline.vim
index eff9508..6cfed7d 100644
--- a/src/testdir/test_tabline.vim
+++ b/src/testdir/test_tabline.vim
@@ -112,4 +112,27 @@
%bw!
endfunc
+function EmptyTabname()
+ return ""
+endfunction
+
+function MakeTabLine() abort
+ let titles = map(range(1, tabpagenr('$')), '"%( %" . v:val . "T%{EmptyTabname()}%T %)"')
+ let sep = 'あ'
+ let tabpages = join(titles, sep)
+ return tabpages .. sep .. '%=%999X X'
+endfunction
+
+func Test_tabline_empty_group()
+ " this was reading invalid memory
+ set tabline=%!MakeTabLine()
+ tabnew
+ redraw!
+
+ tabclose
+ set tabline=
+endfunc
+
+
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index 1aacd3b..528c8c0 100644
--- a/src/version.c
+++ b/src/version.c
@@ -755,6 +755,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1259,
+/**/
1258,
/**/
1257,