From abed6a0b1a71e54b143e98678f4daa6818b02f8d Mon Sep 17 00:00:00 2001 From: "Justin M. Keyes" Date: Sun, 11 Feb 2018 13:46:35 +0100 Subject: vim-patch:8.0.1475: invalid memory access in read_redo() Problem: Invalid memory access in read_redo(). (gy741) Solution: Convert the replacement character back from a negative number to CR or NL. (hint by Dominique Pelle, closes vim/vim#2616) https://github.com/vim/vim/commit/f12519dec88251305793f1651f558d16506b4be2 --- src/nvim/normal.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) (limited to 'src/nvim/normal.c') diff --git a/src/nvim/normal.c b/src/nvim/normal.c index bca4a0f93e..0feac03e32 100644 --- a/src/nvim/normal.c +++ b/src/nvim/normal.c @@ -1641,12 +1641,20 @@ void do_pending_operator(cmdarg_T *cap, int old_col, bool gui_yank) prep_redo(oap->regname, cap->count0, get_op_char(oap->op_type), get_extra_op_char(oap->op_type), oap->motion_force, cap->cmdchar, cap->nchar); - else if (cap->cmdchar != ':') + else if (cap->cmdchar != ':') { + int nchar = oap->op_type == OP_REPLACE ? cap->nchar : NUL; + + // reverse what nv_replace() did + if (nchar == REPLACE_CR_NCHAR) { + nchar = CAR; + } else if (nchar == REPLACE_NL_NCHAR) { + nchar = NL; + } prep_redo(oap->regname, 0L, NUL, 'v', get_op_char(oap->op_type), get_extra_op_char(oap->op_type), - oap->op_type == OP_REPLACE - ? cap->nchar : NUL); + nchar); + } if (!redo_VIsual_busy) { redo_VIsual_mode = resel_VIsual_mode; redo_VIsual_vcol = resel_VIsual_vcol; @@ -5854,10 +5862,13 @@ static void nv_replace(cmdarg_T *cap) if (got_int) reset_VIsual(); if (had_ctrl_v) { - if (cap->nchar == '\r') - cap->nchar = -1; - else if (cap->nchar == '\n') - cap->nchar = -2; + // Use a special (negative) number to make a difference between a + // literal CR or NL and a line break. + if (cap->nchar == CAR) { + cap->nchar = REPLACE_CR_NCHAR; + } else if (cap->nchar == NL) { + cap->nchar = REPLACE_NL_NCHAR; + } } nv_operator(cap); return; -- cgit From f26a4d484b486019c90fc55af5e74e33de374bc4 Mon Sep 17 00:00:00 2001 From: "Justin M. Keyes" Date: Sun, 11 Feb 2018 19:02:57 +0100 Subject: lint --- src/nvim/normal.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'src/nvim/normal.c') diff --git a/src/nvim/normal.c b/src/nvim/normal.c index 0feac03e32..8f585aef73 100644 --- a/src/nvim/normal.c +++ b/src/nvim/normal.c @@ -1637,11 +1637,11 @@ void do_pending_operator(cmdarg_T *cap, int old_col, bool gui_yank) /* Prepare for redoing. Only use the nchar field for "r", * otherwise it might be the second char of the operator. */ if (cap->cmdchar == 'g' && (cap->nchar == 'n' - || cap->nchar == 'N')) + || cap->nchar == 'N')) { prep_redo(oap->regname, cap->count0, - get_op_char(oap->op_type), get_extra_op_char(oap->op_type), - oap->motion_force, cap->cmdchar, cap->nchar); - else if (cap->cmdchar != ':') { + get_op_char(oap->op_type), get_extra_op_char(oap->op_type), + oap->motion_force, cap->cmdchar, cap->nchar); + } else if (cap->cmdchar != ':') { int nchar = oap->op_type == OP_REPLACE ? cap->nchar : NUL; // reverse what nv_replace() did @@ -1650,10 +1650,8 @@ void do_pending_operator(cmdarg_T *cap, int old_col, bool gui_yank) } else if (nchar == REPLACE_NL_NCHAR) { nchar = NL; } - prep_redo(oap->regname, 0L, NUL, 'v', - get_op_char(oap->op_type), - get_extra_op_char(oap->op_type), - nchar); + prep_redo(oap->regname, 0L, NUL, 'v', get_op_char(oap->op_type), + get_extra_op_char(oap->op_type), nchar); } if (!redo_VIsual_busy) { redo_VIsual_mode = resel_VIsual_mode; -- cgit