Blob Blame History Raw
To: vim-dev@vim.org
Subject: Patch 7.2.279
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 7.2.279
Problem:    Invalid memory read with visual mode "r". (Dominique Pelle)
Solution:   Make sure the cursor position is valid.  Don't check the cursor
	    position but the position being used.  And make sure we get the
	    right line.
Files:	    src/misc2.c, src/ops.c


*** ../vim-7.2.278/src/misc2.c	2009-05-16 21:06:36.000000000 +0200
--- src/misc2.c	2009-11-03 16:43:10.000000000 +0100
***************
*** 156,162 ****
  		    || ((ve_flags & VE_ONEMORE) && wcol < MAXCOL)
  #endif
  		    ;
!     line = ml_get_curline();
  
      if (wcol >= MAXCOL)
      {
--- 156,162 ----
  		    || ((ve_flags & VE_ONEMORE) && wcol < MAXCOL)
  #endif
  		    ;
!     line = ml_get_buf(curbuf, pos->lnum, FALSE);
  
      if (wcol >= MAXCOL)
      {
***************
*** 332,340 ****
  #endif
  
  #ifdef FEAT_MBYTE
!     /* prevent cursor from moving on the trail byte */
      if (has_mbyte)
! 	mb_adjust_cursor();
  #endif
  
      if (col < wcol)
--- 332,340 ----
  #endif
  
  #ifdef FEAT_MBYTE
!     /* prevent from moving onto a trail byte */
      if (has_mbyte)
! 	mb_adjustpos(pos);
  #endif
  
      if (col < wcol)
*** ../vim-7.2.278/src/ops.c	2009-09-30 15:15:33.000000000 +0200
--- src/ops.c	2009-11-03 15:18:50.000000000 +0100
***************
*** 2020,2025 ****
--- 2020,2026 ----
  	bd.is_MAX = (curwin->w_curswant == MAXCOL);
  	for ( ; curwin->w_cursor.lnum <= oap->end.lnum; ++curwin->w_cursor.lnum)
  	{
+ 	    curwin->w_cursor.col = 0;  /* make sure cursor position is valid */
  	    block_prep(oap, &bd, curwin->w_cursor.lnum, TRUE);
  	    if (bd.textlen == 0 && (!virtual_op || bd.is_MAX))
  		continue;	    /* nothing to replace */
***************
*** 2035,2040 ****
--- 2036,2042 ----
  	    {
  		pos_T vpos;
  
+ 		vpos.lnum = curwin->w_cursor.lnum;
  		getvpos(&vpos, oap->start_vcol);
  		bd.startspaces += vpos.coladd;
  		n = bd.startspaces;
***************
*** 2693,2703 ****
  			 * initial coladd offset as part of "startspaces" */
  			if (bd.is_short)
  			{
! 			    linenr_T lnum = curwin->w_cursor.lnum;
! 
! 			    curwin->w_cursor.lnum = linenr;
  			    (void)getvpos(&vpos, oap->start_vcol);
- 			    curwin->w_cursor.lnum = lnum;
  			}
  			else
  			    vpos.coladd = 0;
--- 2695,2702 ----
  			 * initial coladd offset as part of "startspaces" */
  			if (bd.is_short)
  			{
! 			    vpos.lnum = linenr;
  			    (void)getvpos(&vpos, oap->start_vcol);
  			}
  			else
  			    vpos.coladd = 0;
*** ../vim-7.2.278/src/version.c	2009-11-03 16:29:48.000000000 +0100
--- src/version.c	2009-11-03 16:41:53.000000000 +0100
***************
*** 678,679 ****
--- 678,681 ----
  {   /* Add new patch number below this line */
+ /**/
+     279,
  /**/

-- 
BEDEVERE: How do you know so much about swallows?
ARTHUR:   Well you have to know these things when you're a king, you know.
                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///