neovim

Neovim text editor
git clone https://git.dasho.dev/neovim.git
Log | Files | Refs | README
commit 771564b00e5b64ac74be443dde84e160bc7fce05
parent 8543de3a862d55a762c130aa6a9d0e2a6c0b4838
Author: zeertzjq <zeertzjq@outlook.com>
Date:   Mon, 25 Jul 2022 20:09:23 +0800

vim-patch:8.2.5164: invalid memory access after diff buffer manipulations

Problem:    Invalid memory access after diff buffer manipulations.
Solution:   Use zero offset when change removes all lines in a diff block.
https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa

Diffstat:

Msrc/nvim/diff.c | 6++----


Msrc/nvim/testdir/test_diffmode.vim | 12++++++++++++


2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/nvim/diff.c b/src/nvim/diff.c
@@ -372,9 +372,8 @@ static void diff_mark_adjust_tp(tabpage_T *tp, int idx, linenr_T line1, linenr_T
 
         // 2. 3. 4. 5.: inserted/deleted lines touching this diff.
         if (deleted > 0) {
+          off = 0;
           if (dp->df_lnum[idx] >= line1) {
-            off = dp->df_lnum[idx] - lnum_deleted;
-
             if (last <= line2) {
               // 4. delete all lines of diff
               if ((dp->df_next != NULL)
@@ -391,14 +390,13 @@ static void diff_mark_adjust_tp(tabpage_T *tp, int idx, linenr_T line1, linenr_T
               dp->df_count[idx] = 0;
             } else {
               // 5. delete lines at or just before top of diff
+              off = dp->df_lnum[idx] - lnum_deleted;
               n = off;
               dp->df_count[idx] -= line2 - dp->df_lnum[idx] + 1;
               check_unchanged = true;
             }
             dp->df_lnum[idx] = line1;
           } else {
-            off = 0;
-
             if (last < line2) {
               // 2. delete at end of diff
               dp->df_count[idx] -= last - lnum_deleted + 1;
diff --git a/src/nvim/testdir/test_diffmode.vim b/src/nvim/testdir/test_diffmode.vim
@@ -1458,5 +1458,17 @@ func Test_diff_only()
   %bwipe!
 endfunc
 
+" This was causing invalid diff block values
+" FIXME: somehow this causes a valgrind error when run directly but not when
+" run as a test.
+func Test_diff_manipulations()
+  set diff
+  split 0
+  sil! norm RdoobdeuRdoobdeuRdoobdeu
+
+  set nodiff
+  %bwipe!
+endfunc
+
 
 " vim: shiftwidth=2 sts=2 expandtab