]> git.ipfire.org Git - thirdparty/vim.git/commitdiff
projects / thirdparty / vim.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ae3a866)
patch 9.1.1823: diff: w_topline may be invalidated v9.1.1823
authorYee Cheng Chin <ychin.git@gmail.com>
Sat, 4 Oct 2025 10:26:55 +0000 (10:26 +0000)
committerChristian Brabandt <cb@256bit.org>
Sat, 4 Oct 2025 10:26:55 +0000 (10:26 +0000)
Problem:  diff: w_topline may be invalidated
Solution: Update lnum in diff_set_topline()
          (Yee Cheng Chin).

This can happen in ex_diffupdate() for certain edge cases which cause
the logic to now be wrong. This was also the root cause for #18437 where
Vim would crash due to a null pointer dereferencing (said pointer would
not be null under normal circumstances).

related: #18437
closes: #18484

Signed-off-by: Yee Cheng Chin <ychin.git@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
src/diff.c patch | blob | blame | history
src/version.c patch | blob | blame | history

diff --git a/src/diff.c b/src/diff.c
index ec0640c56a97b1d200f2b40345421e1731f7e158..0beee845caee464260fb54e5315c60d7337754fd 100644 (file)
--- a/src/diff.c
+++ b/src/diff.c
@@ -2254,7 +2254,7 @@ calculate_topfill_and_topline(
 
     // move the same amount of virtual lines in the target buffer to find the
     // cursor's line number
-    if (thistopdiff != NULL)
+    if (thistopdiff != NULL) // this should not be null, but just for safety
        curlinenum_to = thistopdiff->df_lnum[toidx];
 
     int virt_lines_left = virtual_lines_passed;
@@ -2681,7 +2681,7 @@ diff_check_fill(win_T *wp, linenr_T lnum)
 diff_set_topline(win_T *fromwin, win_T *towin)
 {
     buf_T      *frombuf = fromwin->w_buffer;
-    linenr_T   lnum = fromwin->w_topline;
+    linenr_T   lnum;
     int                fromidx;
     int                toidx;
     diff_T     *dp;
@@ -2693,6 +2693,7 @@ diff_set_topline(win_T *fromwin, win_T *towin)
     if (curtab->tp_diff_invalid)
        ex_diffupdate(NULL);            // update after a big change
 
+    lnum = fromwin->w_topline;
     towin->w_topfill = 0;
 
     // search for a change that includes "lnum" in the list of diffblocks.
diff --git a/src/version.c b/src/version.c
index 2ff94aba6d47da8546e11e744393d0d5d120dbe5..30a9d76dddae5558465a7997bc53f4c62974c3b5 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1823,
 /**/
     1822,
 /**/
Mirror of https://github.com/vim/vim.git