From: Christian Brabandt <cb@256bit.org>
Date: Sat, 31 Aug 2024 15:58:16 +0000 (+0200)
Subject: patch 9.1.0707: [security]: invalid cursor position may cause a crash
X-Git-Tag: v9.1.0707^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=396fd1ec2956;p=thirdparty%2Fvim.git

patch 9.1.0707: [security]: invalid cursor position may cause a crash

Problem:  [security]: invalid cursor position may cause a crash
          (after v9.1.0038)
Solution: Set cursor to the last character in a line, if it would
          otherwise point to beyond the line; no tests added, as it
          is unclear how to reproduce this.

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh

Co-authored-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
---

diff --git a/src/charset.c b/src/charset.c
index 19b089526a..399f258251 100644
--- a/src/charset.c
+++ b/src/charset.c
@@ -1678,6 +1678,9 @@ getvcol(
     }
     clear_chartabsize_arg(&cts);
 
+    if (*ptr == NUL && pos->col < MAXCOL && pos->col > ptr - line)
+	pos->col = ptr - line;
+
     if (start != NULL)
 	*start = vcol + head;
     if (end != NULL)
diff --git a/src/version.c b/src/version.c
index b88ec9de3e..935b533efd 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    707,
 /**/
     706,
 /**/