patch 8.0.1486: accessing invalid memory with "it"

Problem:    Accessing invalid memory with "it". (Dominique Pelle)
Solution:   Avoid going over the end of the line. (Christian Brabandt,
            closes #2532)

diff --git a/src/search.c b/src/search.c
index efcf3d96a494c319e0beadc66976af9908db43d6..8089dcf36938bd760eb385977abcf48aa7ef3ce7 100644 (file)
--- a/src/search.c
+++ b/src/search.c
@@ -684,11 +684,11 @@ searchit(
                    && pos->lnum >= 1 && pos->lnum <= buf->b_ml.ml_line_count
                                                    && pos->col < MAXCOL - 2)
        {
-           ptr = ml_get_buf(buf, pos->lnum, FALSE) + pos->col;
-           if (*ptr == NUL)
+           ptr = ml_get_buf(buf, pos->lnum, FALSE);
+           if ((int)STRLEN(ptr) < pos->col)
                start_char_len = 1;
            else
-               start_char_len = (*mb_ptr2len)(ptr);
+               start_char_len = (*mb_ptr2len)(ptr + pos->col);
        }
 #endif
        else

diff --git a/src/testdir/test_textobjects.vim b/src/testdir/test_textobjects.vim
index 684f197f5f5d50907c4f0c47b2f09680240973e5..17602fbe26ac215dbd6d89d657881ec4d329a1db 100644 (file)
--- a/src/testdir/test_textobjects.vim
+++ b/src/testdir/test_textobjects.vim
@@ -152,3 +152,16 @@ func Test_match()
   call assert_equal(3 , match('abc', '\zs', 3, 1))
   call assert_equal(-1, match('abc', '\zs', 4, 1))
 endfunc
+
+" This was causing an illegal memory access
+func Test_inner_tag()
+  new
+  norm ixxx
+  call feedkeys("v", 'xt')
+  insert
+x
+x
+.
+  norm it
+  q!
+endfunc

diff --git a/src/version.c b/src/version.c
index 963f611fa5992ccc1ee058511a96f918b6cf093a..d3927cbd0bdca695a2c9e3d3789be08c761d1913 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -771,6 +771,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1486,
 /**/
     1485,
 /**/