patch 8.1.1497: accessing memory beyond allocated space

Problem:    Accessing memory beyond allocated space.
Solution:   Check column before accessing popup mask.

diff --git a/src/screen.c b/src/screen.c
index 512560b8854fe3466f1765040fef9df8bb1ca301..76d9b3c4b0731a8ce20c94815ec2d7a778e50c7e 100644 (file)
--- a/src/screen.c
+++ b/src/screen.c
@@ -6797,35 +6797,40 @@ screen_line(
     if (clear_width > 0
 #ifdef FEAT_TEXT_PROP
            && !(flags & SLF_POPUP)  // no separator for popup window
-           && popup_mask[row * screen_Columns + col + coloff] <= screen_zindex
 #endif
            )
     {
        // For a window that has a right neighbor, draw the separator char
-       // right of the window contents.
+       // right of the window contents.  But not on top of a popup window.
        if (coloff + col < Columns)
        {
-           int c;
-
-           c = fillchar_vsep(&hl);
-           if (ScreenLines[off_to] != (schar_T)c
-                   || (enc_utf8 && (int)ScreenLinesUC[off_to]
-                                                      != (c >= 0x80 ? c : 0))
-                   || ScreenAttrs[off_to] != hl)
+#ifdef FEAT_TEXT_PROP
+           if (popup_mask[row * screen_Columns + col + coloff]
+                                                            <= screen_zindex)
+#endif
            {
-               ScreenLines[off_to] = c;
-               ScreenAttrs[off_to] = hl;
-               if (enc_utf8)
+               int c;
+
+               c = fillchar_vsep(&hl);
+               if (ScreenLines[off_to] != (schar_T)c
+                       || (enc_utf8 && (int)ScreenLinesUC[off_to]
+                                                       != (c >= 0x80 ? c : 0))
+                       || ScreenAttrs[off_to] != hl)
                {
-                   if (c >= 0x80)
+                   ScreenLines[off_to] = c;
+                   ScreenAttrs[off_to] = hl;
+                   if (enc_utf8)
                    {
-                       ScreenLinesUC[off_to] = c;
-                       ScreenLinesC[0][off_to] = 0;
+                       if (c >= 0x80)
+                       {
+                           ScreenLinesUC[off_to] = c;
+                           ScreenLinesC[0][off_to] = 0;
+                       }
+                       else
+                           ScreenLinesUC[off_to] = 0;
                    }
-                   else
-                       ScreenLinesUC[off_to] = 0;
+                   screen_char(off_to, row, col + coloff);
                }
-               screen_char(off_to, row, col + coloff);
            }
        }
        else

diff --git a/src/version.c b/src/version.c
index 132329f05380eb2f17e3f3795a3b49c041c1c5d5..8aac5d5f668afa4ac200c5c24e6ee492d7f5f293 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -767,6 +767,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1497,
 /**/
     1496,
 /**/