diff options
| -rw-r--r-- | src/nvim/arglist.c | 5 | ||||
| -rw-r--r-- | src/nvim/memline.c | 2 | ||||
| -rw-r--r-- | src/nvim/ops.c | 3 | ||||
| -rw-r--r-- | test/old/testdir/test_visual.vim | 26 |
4 files changed, 30 insertions, 6 deletions
diff --git a/src/nvim/arglist.c b/src/nvim/arglist.c index bb639edc07..361bb8db12 100644 --- a/src/nvim/arglist.c +++ b/src/nvim/arglist.c @@ -31,6 +31,7 @@ #include "nvim/memline_defs.h" #include "nvim/memory.h" #include "nvim/message.h" +#include "nvim/normal.h" #include "nvim/option.h" #include "nvim/option_vars.h" #include "nvim/os/input.h" @@ -1096,6 +1097,10 @@ static void do_arg_all(int count, int forceit, int keep_tabs) tabpage_T *const new_lu_tp = curtab; + // Stop Visual mode, the cursor and "VIsual" may very well be invalid after + // switching to another buffer. + reset_VIsual_and_resel(); + // Try closing all windows that are not in the argument list. // Also close windows that are not full width; // When 'hidden' or "forceit" set the buffer becomes hidden. diff --git a/src/nvim/memline.c b/src/nvim/memline.c index ce04362a3e..fb7fdfb8b2 100644 --- a/src/nvim/memline.c +++ b/src/nvim/memline.c @@ -1860,7 +1860,7 @@ int gchar_pos(pos_T *pos) FUNC_ATTR_NONNULL_ARG(1) { // When searching columns is sometimes put at the end of a line. - if (pos->col == MAXCOL) { + if (pos->col == MAXCOL || pos->col > ml_get_len(pos->lnum)) { return NUL; } return utf_ptr2char(ml_get_pos(pos)); diff --git a/src/nvim/ops.c b/src/nvim/ops.c index 476c7ee8a4..d51b4cc88b 100644 --- a/src/nvim/ops.c +++ b/src/nvim/ops.c @@ -4345,6 +4345,7 @@ void charwise_block_prep(pos_T start, pos_T end, struct block_def *bdp, linenr_T colnr_T endcol = MAXCOL; colnr_T cs, ce; char *p = ml_get(lnum); + int plen = ml_get_len(lnum); bdp->startspaces = 0; bdp->endspaces = 0; @@ -4394,7 +4395,7 @@ void charwise_block_prep(pos_T start, pos_T end, struct block_def *bdp, linenr_T bdp->textlen = endcol - startcol + inclusive; } bdp->textcol = startcol; - bdp->textstart = p + startcol; + bdp->textstart = startcol <= plen ? p + startcol : p; } /// Handle the add/subtract operator. diff --git a/test/old/testdir/test_visual.vim b/test/old/testdir/test_visual.vim index 39388cbc27..328ac502bf 100644 --- a/test/old/testdir/test_visual.vim +++ b/test/old/testdir/test_visual.vim @@ -470,7 +470,7 @@ func Test_Visual_Block() \ "\t{", \ "\t}"], getline(1, '$')) - close! + bw! endfunc " Test for 'p'ut in visual block mode @@ -1082,7 +1082,7 @@ func Test_star_register() delmarks < > call assert_fails('*yank', 'E20:') - close! + bw! endfunc " Test for changing text in visual mode with 'exclusive' selection @@ -1098,7 +1098,7 @@ func Test_exclusive_selection() call assert_equal('l one', getline(1)) set virtualedit& set selection& - close! + bw! endfunc " Test for starting linewise visual with a count. @@ -1155,7 +1155,7 @@ func Test_visual_inner_block() 8,9d call cursor(5, 1) call assert_beeps('normal ViBiB') - close! + bw! endfunc func Test_visual_put_in_block() @@ -2764,4 +2764,22 @@ func Test_visual_block_exclusive_selection_adjusted() set selection&vim endfunc +" the following caused a Heap-Overflow, because Vim was accessing outside of a +" line end +func Test_visual_pos_buffer_heap_overflow() + set virtualedit=all + args Xa Xb + all + call setline(1, ['', '', '']) + call cursor(3, 1) + wincmd w + call setline(1, 'foobar') + normal! $lv0 + all + call setreg('"', 'baz') + normal! [P + set virtualedit= + bw! Xa Xb +endfunc + " vim: shiftwidth=2 sts=2 expandtab |