From e961cba3cb8281c47f1dc2c2bc031b07504f17d4 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 18 Sep 2018 21:51:47 +0200
Subject: [PATCH] patch 8.1.0404: accessing invalid memory with long argument
 name

Problem:    Accessing invalid memory with long argument name.
Solution:   Use item_count instead of checking for a terminating NULL.
            (Dominique Pelle, closes #3444)
---
 src/testdir/test_arglist.vim | 7 +++++++
 src/version.c                | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/testdir/test_arglist.vim b/src/testdir/test_arglist.vim
index a6c71c9f5f..c558aab7d5 100644
--- a/src/testdir/test_arglist.vim
+++ b/src/testdir/test_arglist.vim
@@ -411,3 +411,10 @@ func Test_arg_all_expand()
   call assert_equal('notexist Xx\ x runtest.vim', expand('##'))
   call delete('Xx x')
 endfunc
+
+func Test_large_arg()
+  " Argument longer or equal to the number of columns used to cause
+  " access to invalid memory.
+  exe 'argadd ' .repeat('x', &columns)
+  args
+endfunc
diff --git a/src/version.c b/src/version.c
index 30b79de151..ec76b99de4 100644
--- a/src/version.c
+++ b/src/version.c
@@ -794,6 +794,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    404,
 /**/
     403,
 /**/
@@ -1725,7 +1727,7 @@ list_in_columns(char_u **items, int size, int current)
     if (Columns < width)
     {
 	/* Not enough screen columns - show one per line */
-	for (i = 0; items[i] != NULL; ++i)
+	for (i = 0; i < item_count; ++i)
 	{
 	    version_msg_wrap(items[i], i == current);
 	    if (msg_col > 0)