Merge pull request #19199 from zeertzjq/vim-9.0.0017

vim-patch:9.0.{0017,0021,0022}: invalid memory access

5 files changed, 52 insertions, 3 deletions

diff --git a/src/nvim/spellfile.c b/src/nvim/spellfile.c
index 07f3d39886..423ed04176 100644
--- a/src/nvim/spellfile.c
+++ b/src/nvim/spellfile.c
@@ -3904,6 +3904,21 @@ static wordnode_T *wordtree_alloc(spellinfo_T *spin)
   return (wordnode_T *)getroom(spin, sizeof(wordnode_T), true);
 }
 
+/// Return true if "word" contains valid word characters.
+/// Control characters and trailing '/' are invalid.  Space is OK.
+static bool valid_spell_word(const char_u *word)
+{
+  if (!utf_valid_string(word, NULL)) {
+    return false;
+  }
+  for (const char_u *p = word; *p != NUL; p += utfc_ptr2len((const char *)p)) {
+    if (*p < ' ' || (p[0] == '/' && p[1] == NUL)) {
+      return false;
+    }
+  }
+  return true;
+}
+
 /// Store a word in the tree(s).
 /// Always store it in the case-folded tree.  For a keep-case word this is
 /// useful when the word can also be used with all caps (no WF_FIXCAP flag) and
@@ -3925,7 +3940,7 @@ static int store_word(spellinfo_T *spin, char_u *word, int flags, int region, co
   int res = OK;
 
   // Avoid adding illegal bytes to the word tree.
-  if (!utf_valid_string(word, NULL)) {
+  if (!valid_spell_word(word)) {
     return FAIL;
   }
 
@@ -5522,7 +5537,7 @@ void spell_add_word(char_u *word, int len, SpellAddType what, int idx, bool undo
   int i;
   char_u *spf;
 
-  if (!utf_valid_string(word, NULL)) {
+  if (!valid_spell_word(word)) {
     emsg(_(e_illegal_character_in_word));
     return;
   }
diff --git a/src/nvim/testdir/test_spell.vim b/src/nvim/testdir/test_spell.vim
index 215d4387d6..d0895a48b4 100644
--- a/src/nvim/testdir/test_spell.vim
+++ b/src/nvim/testdir/test_spell.vim
@@ -699,6 +699,21 @@ func Test_spellsuggest_too_deep()
   bwipe!
 endfunc
 
+func Test_spell_good_word_invalid()
+  " This was adding a word with a 0x02 byte, which causes havoc.
+  enew
+  norm o0
+  sil! norm rzzWs00/
+  2
+  sil! norm VzGprzzW
+  sil! norm z=
+
+  bwipe!
+  " clear the internal word list
+  " set enc=latin1
+  set enc=utf-8
+endfunc
+
 func LoadAffAndDic(aff_contents, dic_contents)
   throw 'skipped: Nvim does not support enc=latin1'
   set enc=latin1
diff --git a/src/nvim/testdir/test_spell_utf8.vim b/src/nvim/testdir/test_spell_utf8.vim
index 3c07e0782b..3d240a8f2c 100644
--- a/src/nvim/testdir/test_spell_utf8.vim
+++ b/src/nvim/testdir/test_spell_utf8.vim
@@ -780,7 +780,12 @@ func Test_no_crash_with_weird_text()
       €
   END
   call setline(1, lines)
-  exe "%norm \<C-v>ez=>\<C-v>wzG"
+  try
+    exe "%norm \<C-v>ez=>\<C-v>wzG"
+  catch /E1280:/
+    let caught = 'yes'
+  endtry
+  call assert_equal('yes', caught)
 
   bwipe!
 endfunc
diff --git a/src/nvim/testdir/test_visual.vim b/src/nvim/testdir/test_visual.vim
index 41c29c5bb0..492750fa66 100644
--- a/src/nvim/testdir/test_visual.vim
+++ b/src/nvim/testdir/test_visual.vim
@@ -1431,5 +1431,17 @@ func Test_visual_paste_clipboard()
   bwipe!
 endfunc
 
+func Test_visual_area_adjusted_when_hiding()
+  " The Visual area ended after the end of the line after :hide
+  call setline(1, 'xxx')
+  vsplit Xfile
+  call setline(1, 'xxxxxxxx')
+  norm! $o
+  hid
+  norm! zW
+  bwipe!
+  bwipe!
+endfunc
+
 
 " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/nvim/window.c b/src/nvim/window.c
index 9ac027d80f..38597b8b77 100644
--- a/src/nvim/window.c
+++ b/src/nvim/window.c
@@ -2741,6 +2741,8 @@ int win_close(win_T *win, bool free_buf, bool force)
      * to be the last one left, return now.
      */
     if (wp->w_buffer != curbuf) {
+      reset_VIsual_and_resel();  // stop Visual mode
+
       other_buffer = true;
       win->w_closing = true;
       apply_autocmds(EVENT_BUFLEAVE, NULL, NULL, false, curbuf);