patch 9.1.1463: Integer overflow in getmarklist() after linewise operation

Problem:  Integer overflow in getmarklist() after linewise operation.
Solution: Don't add 1 to MAXCOL (zeertzjq)

related: neovim/neovim#34524
closes: #17552

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/mark.c b/src/mark.c
index 9f6a9ccf584e0ad40d96da029f2821ba6107c94b..2b0391981db64de04626fb59a6f1a8e862d4129d 100644 (file)
--- a/src/mark.c
+++ b/src/mark.c
@@ -1464,7 +1464,7 @@ add_mark(list_T *l, char_u *mname, pos_T *pos, int bufnr, char_u *fname)
 
     list_append_number(lpos, bufnr);
     list_append_number(lpos, pos->lnum);
-    list_append_number(lpos, pos->col + 1);
+    list_append_number(lpos, pos->col < MAXCOL ? pos->col + 1 : MAXCOL);
     list_append_number(lpos, pos->coladd);
 
     if (dict_add_string(d, "mark", mname) == FAIL

diff --git a/src/testdir/test_marks.vim b/src/testdir/test_marks.vim
index 20fb3041f244522369054de605a5795e7ec0b2ce..50f005ad18873567d62bcf13af40d95538518d8b 100644 (file)
--- a/src/testdir/test_marks.vim
+++ b/src/testdir/test_marks.vim
@@ -302,6 +302,11 @@ func Test_getmarklist()
   call assert_equal({'mark' : "'r", 'pos' : [bufnr(), 2, 2, 0]},
         \ bufnr()->getmarklist()[0])
   call assert_equal([], {}->getmarklist())
+  normal! yy
+  call assert_equal([
+        \ {'mark': "'[", 'pos': [bufnr(), 2, 1, 0]},
+        \ {'mark': "']", 'pos': [bufnr(), 2, v:maxcol, 0]},
+        \ ], getmarklist(bufnr())[-2:])
   close!
 endfunc
 

diff --git a/src/version.c b/src/version.c
index c9d63e970568c0177a096f03c0a291bc60454936..8d4cbf25533fcbc8200d94eb830e9442e19216e0 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -709,6 +709,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1463,
 /**/
     1462,
 /**/