]> granicus.if.org Git - vim/commitdiff
patch 9.0.1270: crash when using search stat in narrow screen v9.0.1270
authorzeertzjq <zeertzjq@outlook.com>
Tue, 31 Jan 2023 21:13:38 +0000 (21:13 +0000)
committerBram Moolenaar <Bram@vim.org>
Tue, 31 Jan 2023 21:13:38 +0000 (21:13 +0000)
Problem:    Crash when using search stat in narrow screen.
Solution:   Check length of message. (closes #11921)

src/search.c
src/testdir/test_search_stat.vim
src/version.c

index 9c8cf95d818ccc330f5477cce0c02fb67e06f4a6..1e4464b0c603ce64b66d929eeadc09324f2620e4 100644 (file)
@@ -3154,7 +3154,11 @@ cmdline_search_stat(
        len += 2;
     }
 
-    mch_memmove(msgbuf + STRLEN(msgbuf) - len, t, len);
+    size_t msgbuf_len = STRLEN(msgbuf);
+    if (len > msgbuf_len)
+       len = msgbuf_len;
+    mch_memmove(msgbuf + msgbuf_len - len, t, len);
+
     if (dirc == '?' && stat.cur == maxcount + 1)
        stat.cur = -1;
 
index b8509ba055cdddf856e790d484372a761e8ed1cb..e205df574b5ec2a9752e594c6c0f35dd7092363a 100644 (file)
@@ -270,6 +270,29 @@ func Test_searchcount_fails()
   call assert_fails('echo searchcount({"pos" : [1, 2, []]})', 'E745:')
 endfunc
 
+func Test_search_stat_narrow_screen()
+  " This used to crash Vim
+  let save_columns = &columns
+  try
+    let after =<< trim [CODE]
+      set laststatus=2
+      set columns=16
+      set shortmess-=S showcmd
+      call setline(1, 'abc')
+      call feedkeys("/abc\<CR>:quit!\<CR>")
+      autocmd VimLeavePre * call writefile(["done"], "Xdone")
+    [CODE]
+
+    if !RunVim([], after, '--clean')
+      return
+    endif
+    call assert_equal("done", readfile("Xdone")[0])
+    call delete('Xdone')
+  finally
+    let &columns = save_columns
+  endtry
+endfunc
+
 func Test_searchcount_in_statusline()
   CheckScreendump
 
index ad663cd650843e9a9af1c6aa7df7c324fbd9396f..a79a9d0b58d726160669c45842020cce7994a6d8 100644 (file)
@@ -695,6 +695,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1270,
 /**/
     1269,
 /**/