From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 4 Sep 2016 18:35:01 +0000 (+0200)
Subject: patch 7.4.2326
X-Git-Tag: v7.4.2326
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d5824ce1b5491df7d2eb0b66189d366fa67b4585;p=vim

patch 7.4.2326
Problem:    Illegal memory access when Visual selection starts in invalid
            position. (Dominique Pelle)
Solution:   Correct position when needed.
---

diff --git a/src/misc2.c b/src/misc2.c
index 7c639d6bb..4d914d233 100644
--- a/src/misc2.c
+++ b/src/misc2.c
@@ -504,6 +504,28 @@ get_cursor_rel_lnum(
     return retval;
 }
 
+/*
+ * Make sure "pos.lnum" and "pos.col" are valid in "buf".
+ * This allows for the col to be on the NUL byte.
+ */
+    void
+check_pos(buf_T *buf, pos_T *pos)
+{
+    char_u *line;
+    colnr_T len;
+
+    if (pos->lnum > buf->b_ml.ml_line_count)
+	pos->lnum = buf->b_ml.ml_line_count;
+
+    if (pos->col > 0)
+    {
+	line = ml_get_buf(buf, pos->lnum, FALSE);
+	len = (colnr_T)STRLEN(line);
+	if (pos->col > len)
+	    pos->col = len;
+    }
+}
+
 /*
  * Make sure curwin->w_cursor.lnum is valid.
  */
diff --git a/src/normal.c b/src/normal.c
index 0f9b23051..edaa740e4 100644
--- a/src/normal.c
+++ b/src/normal.c
@@ -9451,7 +9451,10 @@ get_op_vcol(
 #ifdef FEAT_MBYTE
     /* prevent from moving onto a trail byte */
     if (has_mbyte)
+    {
+	check_pos(curwin->w_buffer, &oap->end);
 	mb_adjustpos(curwin->w_buffer, &oap->end);
+    }
 #endif
 
     getvvcol(curwin, &(oap->start), &oap->start_vcol, NULL, &oap->end_vcol);
diff --git a/src/proto/misc2.pro b/src/proto/misc2.pro
index 70c7dae5b..d18ae2033 100644
--- a/src/proto/misc2.pro
+++ b/src/proto/misc2.pro
@@ -12,6 +12,7 @@ int dec_cursor(void);
 int dec(pos_T *lp);
 int decl(pos_T *lp);
 linenr_T get_cursor_rel_lnum(win_T *wp, linenr_T lnum);
+void check_pos(buf_T *buf, pos_T *pos);
 void check_cursor_lnum(void);
 void check_cursor_col(void);
 void check_cursor_col_win(win_T *win);
diff --git a/src/version.c b/src/version.c
index 95777312d..06fb3ef55 100644
--- a/src/version.c
+++ b/src/version.c
@@ -763,6 +763,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    2326,
 /**/
     2325,
 /**/