commit 2c560d85447fef540881d24c0f8c68b892aa6e19
parent edd99f09c7acc5f0f497746260587674590d0833
Author: Jan Edmund Lazo <jan.lazo@mail.utoronto.ca>
Date: Sat, 13 Dec 2025 01:11:25 -0500
vim-patch:9.0.0025: accessing beyond allocated memory with the cmdline window
Problem: Accessing beyond allocated memory when using the cmdline window in
Ex mode.
Solution: Use "*" instead of "'<,'>" for Visual mode.
https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Diffstat:
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/nvim/ex_docmd.c b/src/nvim/ex_docmd.c
@@ -2777,9 +2777,11 @@ int parse_command_modifiers(exarg_T *eap, const char **errormsg, cmdmod_T *cmod,
size_t len = strlen(cmd_start);
// Special case: empty command uses "+":
- // "'<,'>mods" -> "mods'<,'>+
+ // "'<,'>mods" -> "mods *+
+ // Use "*" instead of "'<,'>" to avoid the command getting
+ // longer, in case is was allocated.
memmove(orig_cmd, cmd_start, len);
- strcpy(orig_cmd + len, "'<,'>+");
+ xmemcpyz(orig_cmd + len, S_LEN(" *+"));
} else {
memmove(cmd_start - 5, cmd_start, (size_t)(eap->cmd - cmd_start));
eap->cmd -= 5;
diff --git a/test/old/testdir/test_cmdline.vim b/test/old/testdir/test_cmdline.vim
@@ -2561,6 +2561,14 @@ func Test_cmdwin_insert_mode_close()
call assert_equal(1, winnr('$'))
endfunc
+func Test_cmdwin_ex_mode_with_modifier()
+ " this was accessing memory after allocated text in Ex mode
+ new
+ call setline(1, ['some', 'text', 'lines'])
+ silent! call feedkeys("gQnormal vq:atopleft\<C-V>\<CR>\<CR>", 'xt')
+ bwipe!
+endfunc
+
" test that ";" works to find a match at the start of the first line
func Test_zero_line_search()
new
