To: vim_dev@googlegroups.com Subject: Patch 8.2.4419 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.4419 Problem: Illegal memory access when using exactly 20 highlights. Solution: Add one more item in the array. (Brandon Richardson, closes #9800) Files: src/buffer.c, src/testdir/test_tabline.vim
*** ../vim-8.2.4418/src/buffer.c 2022-02-15 16:17:39.496253454 +0000
--- src/buffer.c 2022-02-19 11:35:54.993145923 +0000
***************
*** 4170,4177 ****
{
stl_items = ALLOC_MULT(stl_item_T, stl_items_len);
stl_groupitem = ALLOC_MULT(int, stl_items_len);
! stl_hltab = ALLOC_MULT(stl_hlrec_T, stl_items_len);
! stl_tabtab = ALLOC_MULT(stl_hlrec_T, stl_items_len);
}
#ifdef FEAT_EVAL
--- 4170,4180 ----
{
stl_items = ALLOC_MULT(stl_item_T, stl_items_len);
stl_groupitem = ALLOC_MULT(int, stl_items_len);
!
! // Allocate one more, because the last element is used to indicate the
! // end of the list.
! stl_hltab = ALLOC_MULT(stl_hlrec_T, stl_items_len + 1);
! stl_tabtab = ALLOC_MULT(stl_hlrec_T, stl_items_len + 1);
}
#ifdef FEAT_EVAL
***************
*** 4251,4261 ****
if (new_groupitem == NULL)
break;
stl_groupitem = new_groupitem;
! new_hlrec = vim_realloc(stl_hltab, sizeof(stl_hlrec_T) * new_len);
if (new_hlrec == NULL)
break;
stl_hltab = new_hlrec;
! new_hlrec = vim_realloc(stl_tabtab, sizeof(stl_hlrec_T) * new_len);
if (new_hlrec == NULL)
break;
stl_tabtab = new_hlrec;
--- 4254,4266 ----
if (new_groupitem == NULL)
break;
stl_groupitem = new_groupitem;
! new_hlrec = vim_realloc(stl_hltab,
! sizeof(stl_hlrec_T) * (new_len + 1));
if (new_hlrec == NULL)
break;
stl_hltab = new_hlrec;
! new_hlrec = vim_realloc(stl_tabtab,
! 
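Review bot: None of the four `ALLOC_MULT` results in the first src/buffer.c hunk is checked before the block closes, so a failed allocation of `stl_hltab` or `stl_tabtab` would only be caught, if at all, by code outside the hunk. Since this patch hardens exactly these arrays against an out-of-bounds access, the block would be safer with an explicit guard such as `if (stl_items == NULL || stl_groupitem == NULL || stl_hltab == NULL || stl_tabtab == NULL)` leading to the function's existing failure path. The enclosing function starts and ends outside the hunk, so a later check may already exist; if it does, a one-line comment here pointing to it would help.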
sizeof(stl_hlrec_T) * (new_len + 1));
if (new_hlrec == NULL)
break;
stl_tabtab = new_hlrec;
*** ../vim-8.2.4418/src/testdir/test_tabline.vim 2020-08-12 17:50:31.887655765 +0100
--- src/testdir/test_tabline.vim 2022-02-19 11:31:34.237412143 +0000
***************
*** 134,139 ****
--- 134,150 ----
set tabline=
endfunc
+ " When there are exactly 20 tabline format items (the exact size of the
+ " initial tabline items array), test that we don't write beyond the size
+ " of the array.
+ func Test_tabline_20_format_items_no_overrun()
+ set showtabline=2
+ let tabline = repeat('%#StatColorHi2#', 20)
+ let &tabline = tabline
+ redrawtabline
+
+ set showtabline& tabline&
+ endfunc
" vim: shiftwidth=2 sts=2 expandtab
*** ../vim-8.2.4418/src/version.c 2022-02-19 11:19:29.821776577 +0000
--- src/version.c 2022-02-19 11:33:24.773303939 +0000
***************
*** 752,753 ****
--- 752,755 ----
{ /* Add new patch number below this line */
+ /**/
+ 4419,
/**/
-- Proof techniques #2: Proof by Oddity. SAMPLE: To prove that horses have an infinite number of legs. (1) Horses have an even number of legs. (2) They have two legs in back and fore legs in front. (3) This makes a total of six legs, which certainly is an odd number of legs for a horse. (4) But the only number that is both odd and even is infinity. (5) Therefore, horses must have an infinite number of legs. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
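Review bot: The `(new_len + 1)` in the two `vim_realloc` calls of the second src/buffer.c hunk repeats the end-of-list slot that the first hunk documents, but nothing at this site says so. The reallocation behind `new_groupitem` is outside the hunk and presumably uses `new_len` alone, so a later edit that makes the four sizes uniform would silently bring back the access past the end. I would add `// One extra element marks the end of the list, as in the initial allocation.` above the first call, or fold the size expression into one helper macro shared with the initial allocation. How `new_len` is computed and where `stl_items_len` is updated are not visible in this hunk.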
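Review bot: Test_tabline_20_format_items_no_overrun covers only the initial allocation, since 20 items matches the initial array size, while the `vim_realloc` sites changed in src/buffer.c are reached only once the arrays have grown. The test also contains no assertion, so it can fail only when the run is under a memory checker; a comment such as `" No assert: an overrun is only detected when run under ASan or valgrind.` would keep it from being read as a no-op. A second case whose item count equals the first grown length would exercise the realloc path; the growth step is not visible in this patch, so that count has to be taken from src/buffer.c.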