From f7271e831614d15d173c7f562cc26f48c2554ce9 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 24 May 2020 18:45:07 +0200
Subject: [PATCH] patch 8.2.0817: not enough memory allocated when converting
 string

Problem:    Not enough memory allocated when converting string with special
            character.
Solution:   Reserve space for modifier code. (closes #6130)
---
 src/eval.c                     | 11 ++++++++---
 src/testdir/test_functions.vim |  2 ++
 src/version.c                  |  2 ++
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/eval.c b/src/eval.c
index dbc10c1b6..00b6c59df 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -3503,6 +3503,7 @@ get_string_tv(char_u **arg, typval_T *rettv, int evaluate)
     char_u	*p;
     char_u	*name;
     int		extra = 0;
+    int		len;
 
     /*
      * Find the end of the string, skipping backslashed characters.
@@ -3513,9 +3514,10 @@ get_string_tv(char_u **arg, typval_T *rettv, int evaluate)
 	{
 	    ++p;
 	    // A "\<x>" form occupies at least 4 characters, and produces up
-	    // to 6 characters: reserve space for 2 extra
+	    // to 9 characters (6 for the char and 3 for a modifier): reserve
+	    // space for 5 extra.
 	    if (*p == '<')
-		extra += 2;
+		extra += 5;
 	}
     }
 
@@ -3536,7 +3538,8 @@ get_string_tv(char_u **arg, typval_T *rettv, int evaluate)
      * Copy the string into allocated memory, handling backslashed
      * characters.
      */
-    name = alloc(p - *arg + extra);
+    len = (int)(p - *arg + extra);
+    name = alloc(len);
     if (name == NULL)
 	return FAIL;
     rettv->v_type = VAR_STRING;
@@ -3610,6 +3613,8 @@ get_string_tv(char_u **arg, typval_T *rettv, int evaluate)
 			  if (extra != 0)
 			  {
 			      name += extra;
+			      if (name >= rettv->vval.v_string + len)
+				  iemsg("get_string_tv() used more space than allocated");
 			      break;
 			  }
 			  // FALLTHROUGH
diff --git a/src/testdir/test_functions.vim b/src/testdir/test_functions.vim
index a8506a8f7..712aec4ea 100644
--- a/src/testdir/test_functions.vim
+++ b/src/testdir/test_functions.vim
@@ -2278,6 +2278,8 @@ func Test_nr2char()
   set encoding=utf8
   call assert_equal('a', nr2char(97, 1))
   call assert_equal('a', nr2char(97, 0))
+
+  call assert_equal("\x80\xfc\b\xf4\x80\xfeX\x80\xfeX\x80\xfeX", eval('"\<M-' .. nr2char(0x100000) .. '>"'))
 endfunc
 
 " Test for screenattr(), screenchar() and screenchars() functions
diff --git a/src/version.c b/src/version.c
index f2afc0b44..94084c30d 100644
--- a/src/version.c
+++ b/src/version.c
@@ -746,6 +746,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    817,
 /**/
     816,
 /**/
-- 
2.50.1