aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJustin M. Keyes <justinkz@gmail.com>2018-01-16 09:08:31 +0100
committerJustin M. Keyes <justinkz@gmail.com>2018-01-16 09:37:55 +0100
commit1be315de37d663ba64c87ba7e647160f01ab48e2 (patch)
tree8d971a21be7ca90b1c0ed66ea2adda1d5a061b70 /src
parent60d6a8b13d2eb5cdc5ab2740a9becc3b24e1eb71 (diff)
downloadrneovim-1be315de37d663ba64c87ba7e647160f01ab48e2.tar.gz
rneovim-1be315de37d663ba64c87ba7e647160f01ab48e2.tar.bz2
rneovim-1be315de37d663ba64c87ba7e647160f01ab48e2.zip
tui: final_column_wrap(): fix row calculation
closes #7572 closes #7579 closes #7628 ASAN report: ==9500==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000024c0 at pc 0x00000187d2ca bp 0x7fc3c6e58d10 sp 0x7fc3c6e58d08 READ of size 8 at 0x6040000024c0 thread T1 0 0x187d2c9 in ugrid_put /home/vagrant/neovim/build/../src/nvim/ugrid.c:107:17 1 0x1850adf in tui_put /home/vagrant/neovim/build/../src/nvim/tui/tui.c:1012:10 2 0x18a6ce6 in ui_bridge_put_event /home/vagrant/neovim/build/src/nvim/auto/ui_events_bridge.generated.h:154:3 3 0xa4dcda in multiqueue_process_events /home/vagrant/neovim/build/../src/nvim/event/multiqueue.c:150:7 4 0xa478bf in loop_poll_events /home/vagrant/neovim/build/../src/nvim/event/loop.c:63:3 5 0x185451c in tui_main /home/vagrant/neovim/build/../src/nvim/tui/tui.c:362:12 6 0x18a3080 in ui_thread_run /home/vagrant/neovim/build/../src/nvim/ui_bridge.c:106:3 7 0x7fc3caaac6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) 8 0x7fc3c9ca33dc in clone /build/glibc-bfm8X4/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109 0x6040000024c0 is located 0 bytes to the right of 48-byte region [0x604000002490,0x6040000024c0) allocated by thread T1 here: 0 0x50e048 in malloc (/home/vagrant/neovim/build/bin/nvim+0x50e048) 1 0xf7ab71 in try_malloc /home/vagrant/neovim/build/../src/nvim/memory.c:87:15 2 0xf7ad99 in xmalloc /home/vagrant/neovim/build/../src/nvim/memory.c:121:15 3 0x187937b in ugrid_resize /home/vagrant/neovim/build/../src/nvim/ugrid.c:32:17 4 0x184be58 in tui_resize /home/vagrant/neovim/build/../src/nvim/tui/tui.c:770:3 5 0x18a3dc8 in ui_bridge_resize_event /home/vagrant/neovim/build/src/nvim/auto/ui_events_bridge.generated.h:4:3 6 0xa4dcda in multiqueue_process_events /home/vagrant/neovim/build/../src/nvim/event/multiqueue.c:150:7 7 0xa478bf in loop_poll_events /home/vagrant/neovim/build/../src/nvim/event/loop.c:63:3 8 0x185451c in tui_main /home/vagrant/neovim/build/../src/nvim/tui/tui.c:362:12 9 0x18a3080 in ui_thread_run /home/vagrant/neovim/build/../src/nvim/ui_bridge.c:106:3 10 0x7fc3caaac6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) Thread T1 created by T0 here: 0 0x4655ed in __interceptor_pthread_create (/home/vagrant/neovim/build/bin/nvim+0x4655ed) 1 0x1ad87b0 in uv_thread_create /home/vagrant/neovim/.deps/build/src/libuv/src/unix/thread.c:75 2 0x184b9aa in tui_start /home/vagrant/neovim/build/../src/nvim/tui/tui.c:159:10 3 0x188dd4c in ui_builtin_start /home/vagrant/neovim/build/../src/nvim/ui.c:125:3 4 0xe6d399 in main /home/vagrant/neovim/build/../src/nvim/main.c:457:5 5 0x7fc3c9bbc82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
Diffstat (limited to 'src')
-rw-r--r--src/nvim/tui/tui.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nvim/tui/tui.c b/src/nvim/tui/tui.c
index df5b41a64b..2349bd2ae9 100644
--- a/src/nvim/tui/tui.c
+++ b/src/nvim/tui/tui.c
@@ -500,7 +500,7 @@ static void final_column_wrap(UI *ui)
UGrid *grid = &data->grid;
if (grid->col == ui->width) {
grid->col = 0;
- if (grid->row < ui->height) {
+ if (grid->row < MIN(ui->height, grid->height - 1)) {
grid->row++;
}
}
generated by cgit (git 2.34.1) at 2025-05-09 12:29:04 +0000