From e1121b139480f53d1b06f84f3e4574048108fa0b Mon Sep 17 00:00:00 2001
From: Pavel Mayorov <pmayorov@cloudlinux.com>
Date: Mon, 20 Feb 2023 14:35:20 +0000
Subject: [PATCH] patch 9.0.1331: illegal memory access when using :ball in
Visual mode
Problem: Illegal memory access when using :ball in Visual mode.
Solution: Stop Visual mode when using :ball. (Pavel Mayorov, closes #11923)
---
src/buffer.c | 4 ++++
src/testdir/test_visual.vim | 19 +++++++++++++++++++++
2 files changed, 23 insertions(+)
diff --git a/src/buffer.c b/src/buffer.c
index cb7bdf445dee..ff35729fb929 100644
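--- a/src/buffer.c
+++ b/src/buffer.c
@@ -5319,6 +5319,10 @@ ex_buffer_all(exarg_T *eap)
 else
 all = TRUE;
 
+ // Stop Visual mode, the cursor and "VIsual" may very well be invalid after
+ // switching to another buffer.
+ reset_VIsual_and_resel();
+
 setpcmark();
 
 #ifdef FEAT_GUI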
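Review bot: The comment added above `reset_VIsual_and_resel();` says the cursor and "VIsual" may be invalid but not what that leads to, while the test in this same patch ties the change to a heap-based buffer overflow in utfc_ptr2len. I would spell out the consequence so the call is not removed later as redundant, e.g. `// A stale "VIsual" position can lie past the end of the line in the new buffer and be read out of bounds.` The call sits after the if/else that sets `all`, so it appears to run for every command that reaches ex_buffer_all and not only :ball; the function starts and ends outside the hunk, so that is worth confirming against the other callers.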
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index 295e16f93d9d..f152e7b79ba8 100644
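--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -1493,5 +1493,24 @@ func Test_visual_area_adjusted_when_hiding()
 bwipe!
 endfunc
 
+" Check fix for the heap-based buffer overflow bug found in the function
+" utfc_ptr2len and reported at
+" https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e
+func Test_heap_buffer_overflow()
+ enew
+ set updatecount=0
+
+ norm R0
+ split other
+ norm R000
+ exe "norm \<C-V>l"
+ ball
+ call assert_equal(getpos("."), getpos("v"))
+ call assert_equal('n', mode())
+ norm zW
+
+ %bwipe!
+ set updatecount&
+endfunc
 
 " vim: shiftwidth=2 sts=2 expandtab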
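Review bot: `Test_heap_buffer_overflow` names the bug class rather than the behaviour under test, so a later failure says little about where to look; a name that mentions :ball and Visual mode, such as `Test_visual_ball_stops_visual()`, would read better next to `Test_visual_area_adjusted_when_hiding()`. The `norm zW` line has no comment and looks like the step that touched the stale position, presumably so that a sanitizer or valgrind run flags a regression; a one-line comment such as `" zW used the stale Visual area, which is where the invalid read happened` (wording to be confirmed by the author) would keep it from being dropped as noise. In a build without a memory checker only the two `assert_equal` calls detect a regression, and only `:ball` is exercised; if other commands share ex_buffer_all, one of them deserves a case too.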