aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-25 03:54:15 -04:00
Code Activity

patch 8.2.4763: using invalid pointer with "V:" in Ex mode

Browse Source 
Problem:    Using invalid pointer with "V:" in Ex mode.
Solution:   Correctly handle the command being changed to "+".
This commit is contained in:
Bram Moolenaar
2022-04-16 18:52:17 +01:00
parent ca7e86c237
commit f50808ed13
3 changed files with 39 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/ex_docmd.c
View File

@@ -2783,7 +2783,9 @@ parse_command_modifiers(
cmdmod_T *cmod, cmdmod_T *cmod,
int skip_only) int skip_only)
{ {
char_u *orig_cmd = eap->cmd;
char_u *cmd_start = NULL; char_u *cmd_start = NULL;
int did_plus_cmd = FALSE;
char_u *p; char_u *p;
int starts_with_colon = FALSE; int starts_with_colon = FALSE;
int vim9script = in_vim9script(); int vim9script = in_vim9script();
@@ -2819,6 +2821,7 @@ parse_command_modifiers(
&& curwin->w_cursor.lnum < curbuf->b_ml.ml_line_count) && curwin->w_cursor.lnum < curbuf->b_ml.ml_line_count)
{ {
eap->cmd = (char_u *)"+"; eap->cmd = (char_u *)"+";
did_plus_cmd = TRUE;
if (!skip_only) if (!skip_only)
ex_pressedreturn = TRUE; ex_pressedreturn = TRUE;
} }
@@ -3105,13 +3108,29 @@ parse_command_modifiers(
// Since the modifiers have been parsed put the colon on top of the // Since the modifiers have been parsed put the colon on top of the
// space: "'<,'>mod cmd" -> "mod:'<,'>cmd // space: "'<,'>mod cmd" -> "mod:'<,'>cmd
// Put eap->cmd after the colon. // Put eap->cmd after the colon.
mch_memmove(cmd_start - 5, cmd_start, eap->cmd - cmd_start); if (did_plus_cmd)
eap->cmd -= 5; {
mch_memmove(eap->cmd - 1, ":'<,'>", 6); size_t len = STRLEN(cmd_start);
// Special case: empty command may have been changed to "+":
// "'<,'>mod" -> "mod'<,'>+
mch_memmove(orig_cmd, cmd_start, len);
STRCPY(orig_cmd + len, "'<,'>+");
}
else
{
mch_memmove(cmd_start - 5, cmd_start, eap->cmd - cmd_start);
eap->cmd -= 5;
mch_memmove(eap->cmd - 1, ":'<,'>", 6);
}
} }
else else
// no modifiers, move the pointer back // No modifiers, move the pointer back.
eap->cmd -= 5; // Special case: empty command may have been changed to "+".
if (did_plus_cmd)
eap->cmd = (char_u *)"'<,'>+";
else
eap->cmd = orig_cmd;
} }
return OK; return OK;

13
src/testdir/test_ex_mode.vim
View File

@@ -250,5 +250,18 @@ func Test_ex_mode_large_indent()
bwipe! bwipe!
endfunc endfunc
" This was accessing illegal memory when using "+" for eap->cmd.
func Test_empty_command_visual_mode()
let lines =<< trim END
r<sfile>
0norm0V:
:qall!
END
call writefile(lines, 'Xexmodescript')
call assert_equal(1, RunVim([], [], '-u NONE -e -s -S Xexmodescript'))
call delete('Xexmodescript')
endfunc
" vim: shiftwidth=2 sts=2 expandtab " vim: shiftwidth=2 sts=2 expandtab

2
src/version.c
View File

@@ -746,6 +746,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
4763,
/**/ /**/
4762, 4762,
/**/ /**/