From 527e861cbb9c47411c4ba86dbdb9fc79bde47452 Mon Sep 17 00:00:00 2001 From: zeertzjq Date: Tue, 17 May 2022 08:10:34 +0800 Subject: vim-patch:8.2.4969: changing text in Visual mode may cause invalid memory access Problem: Changing text in Visual mode may cause invalid memory access. Solution: Check the Visual position after making a change. https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97 --- src/nvim/change.c | 4 ++++ src/nvim/cursor.c | 18 ++++++++++++++++++ src/nvim/edit.c | 9 ++------- src/nvim/testdir/test_visual.vim | 10 ++++++++++ 4 files changed, 34 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/nvim/change.c b/src/nvim/change.c index a21665dc23..94e5a19edc 100644 --- a/src/nvim/change.c +++ b/src/nvim/change.c @@ -209,6 +209,10 @@ static void changed_common(linenr_T lnum, colnr_T col, linenr_T lnume, long xtra curwin->w_changelistidx = curbuf->b_changelistlen; } + if (VIsual_active) { + check_visual_pos(); + } + FOR_ALL_TAB_WINDOWS(tp, wp) { if (wp->w_buffer == curbuf) { // Mark this window to be redrawn later. diff --git a/src/nvim/cursor.c b/src/nvim/cursor.c index 11c734479c..1446257f7e 100644 --- a/src/nvim/cursor.c +++ b/src/nvim/cursor.c @@ -399,6 +399,24 @@ void check_cursor(void) check_cursor_col(); } +/// Check if VIsual position is valid, correct it if not. +/// Can be called when in Visual mode and a change has been made. +void check_visual_pos(void) +{ + if (VIsual.lnum > curbuf->b_ml.ml_line_count) { + VIsual.lnum = curbuf->b_ml.ml_line_count; + VIsual.col = 0; + VIsual.coladd = 0; + } else { + int len = (int)STRLEN(ml_get(VIsual.lnum)); + + if (VIsual.col > len) { + VIsual.col = len; + VIsual.coladd = 0; + } + } +} + /// Make sure curwin->w_cursor is not on the NUL at the end of the line. /// Allow it when in Visual mode and 'selection' is not "old". void adjust_cursor_col(void) diff --git a/src/nvim/edit.c b/src/nvim/edit.c index 357e9184d7..aa77c03b48 100644 --- a/src/nvim/edit.c +++ b/src/nvim/edit.c @@ -6770,13 +6770,8 @@ static void stop_insert(pos_T *end_insert_pos, int esc, int nomove) // may have started Visual mode, adjust the position for // deleted characters. - if (VIsual_active && VIsual.lnum == curwin->w_cursor.lnum) { - int len = (int)STRLEN(get_cursor_line_ptr()); - - if (VIsual.col > len) { - VIsual.col = len; - VIsual.coladd = 0; - } + if (VIsual_active) { + check_visual_pos(); } } } diff --git a/src/nvim/testdir/test_visual.vim b/src/nvim/testdir/test_visual.vim index 42209f8ddd..41c29c5bb0 100644 --- a/src/nvim/testdir/test_visual.vim +++ b/src/nvim/testdir/test_visual.vim @@ -1258,6 +1258,16 @@ func Test_visual_block_append_invalid_char() set isprint& endfunc +func Test_visual_block_with_substitute() + " this was reading beyond the end of the line + new + norm a0) + sil! norm  O + s/) + sil! norm  + bwipe! +endfunc + func Test_visual_reselect_with_count() " this was causing an illegal memory access let lines =<< trim END -- cgit