commit df0b9e7a5dc8421bddfda1f08b22052a76d34e9f
parent dfd3ac6f48328288eaff37cd4a7ef22c5124231a
Author: zeertzjq <zeertzjq@outlook.com>
Date: Thu, 2 Oct 2025 12:10:28 +0800
vim-patch:9.1.1818: possible crash when calculating topline in diff.c
Problem: possible crash when calculating topline in diff.c
(youngmith)
Solution: Check for pointer being Null before accessing it
fixes: vim/vim#18437
https://github.com/vim/vim/commit/d32b3bb7ebe29f856a054cfd552c68afabd065c3
The POC is likely not applicable to Nvim due to #32160.
Co-authored-by: Christian Brabandt <cb@256bit.org>
Diffstat:
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/nvim/diff.c b/src/nvim/diff.c
@@ -2052,7 +2052,7 @@ static void calculate_topfill_and_topline(const int fromidx, const int toidx, co
// move the same amount of virtual lines in the target buffer to find the
// cursor's line number
- int curlinenum_to = thistopdiff->df_lnum[toidx];
+ int curlinenum_to = thistopdiff != NULL ? thistopdiff->df_lnum[toidx] : 1;
int virt_lines_left = virtual_lines_passed;
curdif = thistopdiff;
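Review bot: The fallback `1` in the new `curlinenum_to` initialiser is unexplained, and the next context line still assigns the possibly-NULL `thistopdiff` to `curdif`. A short comment above the initialiser would record why the guard exists, for example `// thistopdiff may be NULL here (vim/vim#18437); fall back to line 1`. The rest of `calculate_topfill_and_topline()` lies outside the hunk, so please confirm that every later use of `curdif` tests it for NULL before reading `df_lnum` or `df_count`. Otherwise the crash would only move a few lines further down.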
diff --git a/test/old/testdir/test_crash.vim b/test/old/testdir/test_crash.vim
@@ -144,6 +144,28 @@ func Test_crash1_2()
call s:RunCommandAndWait(buf, args ..
\ ' ; echo "crash 5: [OK]" >> '.. result)
+ let file = 'Xdiff'
+ let lines =<< trim END
+ diffs a
+ edit Xdiff
+ file b
+ exe "norm! \<C-w>\<C-w>"
+ exe "norm! \<C-w>\<C-w>"
+ exe "norm! \<C-w>\<C-w>"
+ exe "norm! \<C-w>\<C-w>"
+ exe "norm! \<C-w>\<C-w>"
+ exe "norm! \<C-w>\L"
+ exe "norm! \<C-j>oy\<C-j>"
+ edit Xdiff
+ sil!so
+ END
+ call writefile(lines, file, 'D')
+ let cmn_args = "%s -u NONE -i NONE -X -m -n -e -s -u %s -c ':qa!'"
+ let args = printf(cmn_args, vim, file)
+ call s:RunCommandAndWait(buf, args ..
+ \ ' && echo "crash 6: [OK]" >> '.. result)
+
+
" clean up
exe buf .. "bw!"
exe "sp " .. result
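Review bot: The new "crash 6" case has no comment tying it to the fix, and the commit message says the POC is likely not applicable to Nvim, so a passing run here may not reach the NULL path in `calculate_topfill_and_topline()`. I would add `" regression test for vim/vim#18437 (NULL diff block in diff.c)` above `let file = 'Xdiff'` and repeat the Nvim caveat there. `cmn_args` passes `-u` twice (`-u NONE`, then `-u %s`); if loading the POC as the init file is intentional, a one-line comment should say so, since `-S %s` is what a reader would expect. The two consecutive empty added lines before `" clean up` can be collapsed to one. `Test_crash1_2()` starts and ends outside the hunk.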
@@ -153,6 +175,7 @@ func Test_crash1_2()
\ 'crash 3: [OK]',
\ 'crash 4: [OK]',
\ 'crash 5: [OK]',
+ \ 'crash 6: [OK]',
\ ]
call assert_equal(expected, getline(1, '$'))