To: vim_dev@googlegroups.com Subject: Patch 8.2.0120 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.0120 Problem: virtcol() does not check arguments to be valid, which may lead to a crash. Solution: Check the column to be valid. Do not decrement MAXCOL. (closes #5480) Files: src/evalfunc.c, src/testdir/test_marks.vim *** ../vim-8.2.0119/src/evalfunc.c 2020-01-11 16:05:19.590287629 +0100 --- src/evalfunc.c 2020-01-15 20:34:45.760954174 +0100 *************** *** 6605,6611 **** { if (list2fpos(&argvars[1], &pos, &fnum, &curswant) == OK) { ! if (--pos.col < 0) pos.col = 0; if (name[0] == '.' && name[1] == NUL) { --- 6605,6611 ---- { if (list2fpos(&argvars[1], &pos, &fnum, &curswant) == OK) { ! if (pos.col != MAXCOL && --pos.col < 0) pos.col = 0; if (name[0] == '.' && name[1] == NUL) { *************** *** 8372,8382 **** --- 8372,8392 ---- colnr_T vcol = 0; pos_T *fp; int fnum = curbuf->b_fnum; + int len; fp = var2fpos(&argvars[0], FALSE, &fnum); if (fp != NULL && fp->lnum <= curbuf->b_ml.ml_line_count && fnum == curbuf->b_fnum) { + // Limit the column to a valid value, getvvcol() doesn't check. + if (fp->col < 0) + fp->col = 0; + else + { + len = (int)STRLEN(ml_get(fp->lnum)); + if (fp->col > len) + fp->col = len; + } getvvcol(curwin, fp, NULL, NULL, &vcol); ++vcol; } *** ../vim-8.2.0119/src/testdir/test_marks.vim 2019-12-27 17:33:23.475080942 +0100 --- src/testdir/test_marks.vim 2020-01-15 20:35:23.572799925 +0100 *************** *** 26,36 **** endfunc func Test_setpos() ! new one let onebuf = bufnr('%') let onewin = win_getid() call setline(1, ['aaa', 'bbb', 'ccc']) ! new two let twobuf = bufnr('%') let twowin = win_getid() call setline(1, ['aaa', 'bbb', 'ccc']) --- 26,36 ---- endfunc func Test_setpos() ! new Xone let onebuf = bufnr('%') let onewin = win_getid() call setline(1, ['aaa', 'bbb', 'ccc']) ! new Xtwo let twobuf = bufnr('%') let twowin = win_getid() call setline(1, ['aaa', 'bbb', 'ccc']) *************** *** 63,69 **** --- 63,86 ---- call setpos("'N", [onebuf, 1, 3, 0]) call assert_equal([onebuf, 1, 3, 0], getpos("'N")) + " try invalid column and check virtcol() call win_gotoid(onewin) + call setpos("'a", [0, 1, 2, 0]) + call assert_equal([0, 1, 2, 0], getpos("'a")) + call setpos("'a", [0, 1, -5, 0]) + call assert_equal([0, 1, 2, 0], getpos("'a")) + call setpos("'a", [0, 1, 0, 0]) + call assert_equal([0, 1, 1, 0], getpos("'a")) + call setpos("'a", [0, 1, 4, 0]) + call assert_equal([0, 1, 4, 0], getpos("'a")) + call assert_equal(4, virtcol("'a")) + call setpos("'a", [0, 1, 5, 0]) + call assert_equal([0, 1, 5, 0], getpos("'a")) + call assert_equal(4, virtcol("'a")) + call setpos("'a", [0, 1, 21341234, 0]) + call assert_equal([0, 1, 21341234, 0], getpos("'a")) + call assert_equal(4, virtcol("'a")) + bwipe! call win_gotoid(twowin) bwipe! *** ../vim-8.2.0119/src/version.c 2020-01-14 22:01:38.870993990 +0100 --- src/version.c 2020-01-15 20:35:43.840717080 +0100 *************** *** 744,745 **** --- 744,747 ---- { /* Add new patch number below this line */ + /**/ + 120, /**/ -- (letter from Mark to Mike, about the film's probable certificate) I would like to get back to the Censor and agree to lose the shits, take the odd Jesus Christ out and lose Oh fuck off, but to retain 'fart in your general direction', 'castanets of your testicles' and 'oral sex' and ask him for an 'A' rating on that basis. "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///