From 82846a00ac0c135946c93c48c1657018a5c96b11 Mon Sep 17 00:00:00 2001 From: Bram Moolenaar Date: Fri, 9 Feb 2018 18:09:54 +0100 Subject: [PATCH] patch 8.0.1486: accessing invalid memory with "it" Problem: Accessing invalid memory with "it". (Dominique Pelle) Solution: Avoid going over the end of the line. (Christian Brabandt, closes #2532) --- src/search.c | 6 +++--- src/testdir/test_textobjects.vim | 13 +++++++++++++ src/version.c | 2 ++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/src/search.c b/src/search.c index efcf3d96a..8089dcf36 100644 --- a/src/search.c +++ b/src/search.c @@ -684,11 +684,11 @@ searchit( && pos->lnum >= 1 && pos->lnum <= buf->b_ml.ml_line_count && pos->col < MAXCOL - 2) { - ptr = ml_get_buf(buf, pos->lnum, FALSE) + pos->col; - if (*ptr == NUL) + ptr = ml_get_buf(buf, pos->lnum, FALSE); + if ((int)STRLEN(ptr) < pos->col) start_char_len = 1; else - start_char_len = (*mb_ptr2len)(ptr); + start_char_len = (*mb_ptr2len)(ptr + pos->col); } #endif else diff --git a/src/testdir/test_textobjects.vim b/src/testdir/test_textobjects.vim index 684f197f5..17602fbe2 100644 --- a/src/testdir/test_textobjects.vim +++ b/src/testdir/test_textobjects.vim @@ -152,3 +152,16 @@ func Test_match() call assert_equal(3 , match('abc', '\zs', 3, 1)) call assert_equal(-1, match('abc', '\zs', 4, 1)) endfunc + +" This was causing an illegal memory access +func Test_inner_tag() + new + norm ixxx + call feedkeys("v", 'xt') + insert +x +x +. + norm it + q! +endfunc diff --git a/src/version.c b/src/version.c index 963f611fa..d3927cbd0 100644 --- a/src/version.c +++ b/src/version.c @@ -771,6 +771,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 1486, /**/ 1485, /**/ -- 2.50.1