From: Bram Moolenaar <Bram@vim.org>
Date: Fri, 9 Feb 2018 17:09:54 +0000 (+0100)
Subject: patch 8.0.1486: accessing invalid memory with "it"
X-Git-Tag: v8.0.1486
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=82846a00ac0c135946c93c48c1657018a5c96b11;p=vim

patch 8.0.1486: accessing invalid memory with "it"

Problem:    Accessing invalid memory with "it". (Dominique Pelle)
Solution:   Avoid going over the end of the line. (Christian Brabandt,
            closes #2532)
---

diff --git a/src/search.c b/src/search.c
index efcf3d96a..8089dcf36 100644
--- a/src/search.c
+++ b/src/search.c
@@ -684,11 +684,11 @@ searchit(
 		    && pos->lnum >= 1 && pos->lnum <= buf->b_ml.ml_line_count
 						    && pos->col < MAXCOL - 2)
 	{
-	    ptr = ml_get_buf(buf, pos->lnum, FALSE) + pos->col;
-	    if (*ptr == NUL)
+	    ptr = ml_get_buf(buf, pos->lnum, FALSE);
+	    if ((int)STRLEN(ptr) < pos->col)
 		start_char_len = 1;
 	    else
-		start_char_len = (*mb_ptr2len)(ptr);
+		start_char_len = (*mb_ptr2len)(ptr + pos->col);
 	}
 #endif
 	else
diff --git a/src/testdir/test_textobjects.vim b/src/testdir/test_textobjects.vim
index 684f197f5..17602fbe2 100644
--- a/src/testdir/test_textobjects.vim
+++ b/src/testdir/test_textobjects.vim
@@ -152,3 +152,16 @@ func Test_match()
   call assert_equal(3 , match('abc', '\zs', 3, 1))
   call assert_equal(-1, match('abc', '\zs', 4, 1))
 endfunc
+
+" This was causing an illegal memory access
+func Test_inner_tag()
+  new
+  norm ixxx
+  call feedkeys("v", 'xt')
+  insert
+x
+x
+.
+  norm it
+  q!
+endfunc
diff --git a/src/version.c b/src/version.c
index 963f611fa..d3927cbd0 100644
--- a/src/version.c
+++ b/src/version.c
@@ -771,6 +771,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1486,
 /**/
     1485,
 /**/