neovim

Neovim text editor
git clone https://git.dasho.dev/neovim.git
Log | Files | Refs | README
commit 527e861cbb9c47411c4ba86dbdb9fc79bde47452
parent 26c906f54dafb37f7bc63e136a7a9373d1053fe1
Author: zeertzjq <zeertzjq@outlook.com>
Date:   Tue, 17 May 2022 08:10:34 +0800

vim-patch:8.2.4969: changing text in Visual mode may cause invalid memory access

Problem:    Changing text in Visual mode may cause invalid memory access.
Solution:   Check the Visual position after making a change.
https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97

Diffstat:

Msrc/nvim/change.c | 4++++


Msrc/nvim/cursor.c | 18++++++++++++++++++


Msrc/nvim/edit.c | 9++-------


Msrc/nvim/testdir/test_visual.vim | 10++++++++++


4 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/src/nvim/change.c b/src/nvim/change.c
@@ -209,6 +209,10 @@ static void changed_common(linenr_T lnum, colnr_T col, linenr_T lnume, long xtra
     curwin->w_changelistidx = curbuf->b_changelistlen;
   }
 
+  if (VIsual_active) {
+    check_visual_pos();
+  }
+
   FOR_ALL_TAB_WINDOWS(tp, wp) {
     if (wp->w_buffer == curbuf) {
       // Mark this window to be redrawn later.
diff --git a/src/nvim/cursor.c b/src/nvim/cursor.c
@@ -399,6 +399,24 @@ void check_cursor(void)
   check_cursor_col();
 }
 
+/// Check if VIsual position is valid, correct it if not.
+/// Can be called when in Visual mode and a change has been made.
+void check_visual_pos(void)
+{
+  if (VIsual.lnum > curbuf->b_ml.ml_line_count) {
+    VIsual.lnum = curbuf->b_ml.ml_line_count;
+    VIsual.col = 0;
+    VIsual.coladd = 0;
+  } else {
+    int len = (int)STRLEN(ml_get(VIsual.lnum));
+
+    if (VIsual.col > len) {
+      VIsual.col = len;
+      VIsual.coladd = 0;
+    }
+  }
+}
+
 /// Make sure curwin->w_cursor is not on the NUL at the end of the line.
 /// Allow it when in Visual mode and 'selection' is not "old".
 void adjust_cursor_col(void)
diff --git a/src/nvim/edit.c b/src/nvim/edit.c
@@ -6770,13 +6770,8 @@ static void stop_insert(pos_T *end_insert_pos, int esc, int nomove)
 
       // <C-S-Right> may have started Visual mode, adjust the position for
       // deleted characters.
-      if (VIsual_active && VIsual.lnum == curwin->w_cursor.lnum) {
-        int len = (int)STRLEN(get_cursor_line_ptr());
-
-        if (VIsual.col > len) {
-          VIsual.col = len;
-          VIsual.coladd = 0;
-        }
+      if (VIsual_active) {
+        check_visual_pos();
       }
     }
   }
diff --git a/src/nvim/testdir/test_visual.vim b/src/nvim/testdir/test_visual.vim
@@ -1258,6 +1258,16 @@ func Test_visual_block_append_invalid_char()
   set isprint&
 endfunc
 
+func Test_visual_block_with_substitute()
+  " this was reading beyond the end of the line
+  new
+  norm a0)
+  sil! norm  O
+  s/)
+  sil! norm 
+  bwipe!
+endfunc
+
 func Test_visual_reselect_with_count()
   " this was causing an illegal memory access
   let lines =<< trim END