From: Christian Brabandt Date: Sun, 23 Feb 2025 19:01:54 +0000 (+0100) Subject: patch 9.1.1143: illegal memory access when putting a register X-Git-Tag: v9.1.1143^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0029daa3599529d9d438cc51c7ada8580297a39;p=thirdparty%2Fvim.git patch 9.1.1143: illegal memory access when putting a register Problem: illegal memory access when putting a register Solution: make sure cursor column doesn't become negative Signed-off-by: Christian Brabandt
---
diff --git a/src/register.c b/src/register.c
index a9630f8ef5..ea54e202ef 100644
--- a/src/register.c
+++ b/src/register.c
@@ -2249,7 +2249,7 @@ error:
 // Put the '] mark on the first byte of the last inserted character.
 // Correct the length for change in indent.
 curbuf->b_op_end.lnum = new_lnum;
- col = (colnr_T)y_array[y_size - 1].length - lendiff;
+ col = MAX(0, (colnr_T)y_array[y_size - 1].length - lendiff);
 if (col > 1)
 {
 curbuf->b_op_end.col = col - 1;
diff --git a/src/testdir/test_registers.vim b/src/testdir/test_registers.vim
index ee59ecb304..2524453775 100644
--- a/src/testdir/test_registers.vim
+++ b/src/testdir/test_registers.vim
@@ -1123,4 +1123,21 @@ func Test_register_redir_display()
 call setreg(1, a[0], a[1])
 endfunc
+" this caused an illegal memory access and a crash
+func Test_register_cursor_column_negative()
+ CheckRunVimInTerminal
+ let script =<< trim END
+ f XREGISTER
+ call setline(1, 'abcdef a')
+ call setreg("a", "\n", 'c')
+ call cursor(1, 7)
+ call feedkeys("i\\azyx$#\", 't')
+ END
+ call writefile(script, 'XRegister123', 'D')
+ let buf = RunVimInTerminal('-S XRegister123', {})
+ call term_sendkeys(buf, "\")
+ call WaitForAssert({-> assert_match('XREGISTER', term_getline(buf, 19))})
+ call StopVimInTerminal(buf)
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index 2dfd4c83ec..07bede551a 100644
--- a/src/version.c
+++ b/src/version.c
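Review bot: The new `MAX(0, ...)` clamp on `col` in src/register.c has no comment saying when the subtraction can go negative, so a later reader cannot tell a deliberate bound from a masked length/indent mismatch. Judging by the accompanying test, this presumably happens when the last put line is empty while `lendiff` is positive. I would add above the assignment `// lendiff may exceed the length of the last put line (e.g. an empty last line); clamp so the '] column never goes negative.` The clamp only bounds the value from below, and the code that consumes `b_op_end.col` lies outside this hunk, so it is worth confirming there that column 0 is valid for the line at `new_lnum`.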
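Review bot: Test_register_cursor_column_negative only proves that Vim is still running: its single assertion matches 'XREGISTER' on terminal row 19 and never checks where the '] mark ended up. A regression that stores a wrong but non-crashing column would therefore pass, and the hard-coded row 19 presumably relies on the default terminal height used by `RunVimInTerminal`. I would document that above the assertion with `" XREGISTER (set by :f) still shown on row 19 means Vim survived the put`. If feasible, also have the script record the '] position so the clamped column itself is asserted.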
@@ -704,6 +704,8 @@ static char *(features[]) =
 static int included_patches[] =
 { /* Add new patch number below this line */
+/**/
+ 1143,
 /**/
 1142,
 /**/