Fix illegal memory access when using expressions in the command line.

diff --git a/runtime/doc/todo.txt b/runtime/doc/todo.txt
index 56faa6849301d9b8c8440ed21b5204b2132d6f10..dbb5be73097aa0e2e6f1a576f06d472de9b2df39 100644 (file)
--- a/runtime/doc/todo.txt
+++ b/runtime/doc/todo.txt
@@ -30,8 +30,6 @@ be worked on, but only if you sponsor Vim development.  See |sponsor|.
                                                        *known-bugs*
 -------------------- Known bugs and current work -----------------------
 
-Patch for crash with cmdline editing functions. (Dominique Pelle, 2010 Aug 12)
-
 Have a close look at :find completion, anything that could be wrong?
 
 Test 73 fails on MS-Windows when compiled with DJGPP and run twice.  How to

diff --git a/src/ex_getln.c b/src/ex_getln.c
index d2925535e484a570d1a691b1e1168da3415602d1..1cf67854371a6324ebe4ad6ce401f17741613aab 100644 (file)
--- a/src/ex_getln.c
+++ b/src/ex_getln.c
@@ -2527,7 +2527,10 @@ realloc_cmdbuff(len)
        ccline.cmdbuff = p;             /* keep the old one */
        return FAIL;
     }
-    mch_memmove(ccline.cmdbuff, p, (size_t)ccline.cmdlen + 1);
+    /* There isn't always a NUL after the command, but it may need to be
+     * there, thus copy up to the NUL and add a NUL. */
+    mch_memmove(ccline.cmdbuff, p, (size_t)ccline.cmdlen);
+    ccline.cmdbuff[ccline.cmdlen] = NUL;
     vim_free(p);
 
     if (ccline.xpc != NULL