From 6bdf82bf6f9125d88a2135b442e1857704485500 Mon Sep 17 00:00:00 2001
From: Jurica Bradaric <jbradaric@gmail.com>
Date: Tue, 10 May 2016 21:20:42 +0200
Subject: vim-patch:7.4.1052

Problem:    Illegal memory access with weird syntax command. (Dominique Pelle)
Solution:   Check for column past end of line.

https://github.com/vim/vim/commit/04bff88df6211f64731bf8f5afa088e94496db16
---
 src/nvim/syntax.c  | 38 +++++++++++++++++++++-----------------
 src/nvim/version.c |  2 +-
 2 files changed, 22 insertions(+), 18 deletions(-)

(limited to 'src')

diff --git a/src/nvim/syntax.c b/src/nvim/syntax.c
index 41af7af55c..e7eee6eb9b 100644
--- a/src/nvim/syntax.c
+++ b/src/nvim/syntax.c
@@ -2615,33 +2615,37 @@ find_endpos (
                           IF_SYN_TIME(&spp_skip->sp_time));
       spp_skip->sp_prog = regmatch.regprog;
       if (r && regmatch.startpos[0].col <= best_regmatch.startpos[0].col) {
-        /* Add offset to skip pattern match */
+        // Add offset to skip pattern match
         syn_add_end_off(&pos, &regmatch, spp_skip, SPO_ME_OFF, 1);
 
-        /* If the skip pattern goes on to the next line, there is no
-         * match with an end pattern in this line. */
-        if (pos.lnum > startpos->lnum)
+        // If the skip pattern goes on to the next line, there is no
+        // match with an end pattern in this line.
+        if (pos.lnum > startpos->lnum) {
           break;
+        }
 
-        line = ml_get_buf(syn_buf, startpos->lnum, FALSE);
+        line = ml_get_buf(syn_buf, startpos->lnum, false);
+        int line_len = (int)STRLEN(line);
 
-        /* take care of an empty match or negative offset */
-        if (pos.col <= matchcol)
-          ++matchcol;
-        else if (pos.col <= regmatch.endpos[0].col)
+        // take care of an empty match or negative offset
+        if (pos.col <= matchcol) {
+          matchcol++;
+        } else if (pos.col <= regmatch.endpos[0].col) {
           matchcol = pos.col;
-        else
-          /* Be careful not to jump over the NUL at the end-of-line */
+        } else {
+          // Be careful not to jump over the NUL at the end-of-line
           for (matchcol = regmatch.endpos[0].col;
-               line[matchcol] != NUL && matchcol < pos.col;
-               ++matchcol)
-            ;
+               matchcol < line_len && matchcol < pos.col;
+               matchcol++) {
+          }
+        }
 
-        /* if the skip pattern includes end-of-line, break here */
-        if (line[matchcol] == NUL)
+        // if the skip pattern includes end-of-line, break here
+        if (matchcol >= line_len) {
           break;
+        }
 
-        continue;                   /* start with first end pattern again */
+        continue;  // start with first end pattern again
       }
     }
 
diff --git a/src/nvim/version.c b/src/nvim/version.c
index 81137ff1c6..09acafea9b 100644
--- a/src/nvim/version.c
+++ b/src/nvim/version.c
@@ -626,7 +626,7 @@ static int included_patches[] = {
   1055,
   // 1054,
   // 1053,
-  // 1052,
+  1052,
   // 1051,
   // 1050,
   // 1049,
-- 
cgit