To: vim_dev@googlegroups.com Subject: Patch 8.2.4763 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.4763 Problem: Using invalid pointer with "V:" in Ex mode. Solution: Correctly handle the command being changed to "+". Files: src/ex_docmd.c, src/testdir/test_ex_mode.vim *** ../vim-8.2.4762/src/ex_docmd.c 2022-04-15 13:53:30.048708690 +0100 --- src/ex_docmd.c 2022-04-16 18:48:23.057704030 +0100 *************** *** 2783,2789 **** --- 2783,2791 ---- cmdmod_T *cmod, int skip_only) { + char_u *orig_cmd = eap->cmd; char_u *cmd_start = NULL; + int did_plus_cmd = FALSE; char_u *p; int starts_with_colon = FALSE; int vim9script = in_vim9script(); *************** *** 2819,2824 **** --- 2821,2827 ---- && curwin->w_cursor.lnum < curbuf->b_ml.ml_line_count) { eap->cmd = (char_u *)"+"; + did_plus_cmd = TRUE; if (!skip_only) ex_pressedreturn = TRUE; } *************** *** 3105,3117 **** // Since the modifiers have been parsed put the colon on top of the // space: "'<,'>mod cmd" -> "mod:'<,'>cmd // Put eap->cmd after the colon. ! mch_memmove(cmd_start - 5, cmd_start, eap->cmd - cmd_start); ! eap->cmd -= 5; ! mch_memmove(eap->cmd - 1, ":'<,'>", 6); } else ! // no modifiers, move the pointer back ! eap->cmd -= 5; } return OK; --- 3108,3136 ---- // Since the modifiers have been parsed put the colon on top of the // space: "'<,'>mod cmd" -> "mod:'<,'>cmd // Put eap->cmd after the colon. ! if (did_plus_cmd) ! { ! size_t len = STRLEN(cmd_start); ! ! // Special case: empty command may have been changed to "+": ! // "'<,'>mod" -> "mod'<,'>+ ! mch_memmove(orig_cmd, cmd_start, len); ! STRCPY(orig_cmd + len, "'<,'>+"); ! } ! else ! { ! mch_memmove(cmd_start - 5, cmd_start, eap->cmd - cmd_start); ! eap->cmd -= 5; ! mch_memmove(eap->cmd - 1, ":'<,'>", 6); ! } } else ! // No modifiers, move the pointer back. ! // Special case: empty command may have been changed to "+". ! if (did_plus_cmd) ! 
eap->cmd = (char_u *)"'<,'>+"; ! else ! eap->cmd = orig_cmd; } return OK; *** ../vim-8.2.4762/src/testdir/test_ex_mode.vim 2022-01-25 11:54:59.198464296 +0000 --- src/testdir/test_ex_mode.vim 2022-04-16 18:41:56.375130070 +0100 *************** *** 250,254 **** --- 250,267 ---- bwipe! endfunc + " This was accessing illegal memory when using "+" for eap->cmd. + func Test_empty_command_visual_mode() + let lines =<< trim END + r + 0norm0V: + :qall! + END + call writefile(lines, 'Xexmodescript') + call assert_equal(1, RunVim([], [], '-u NONE -e -s -S Xexmodescript')) + + call delete('Xexmodescript') + endfunc + " vim: shiftwidth=2 sts=2 expandtab *** ../vim-8.2.4762/src/version.c 2022-04-16 16:49:20.370662695 +0100 --- src/version.c 2022-04-16 17:42:01.878236355 +0100 *************** *** 748,749 **** --- 748,751 ---- { /* Add new patch number below this line */ + /**/ + 4763, /**/ -- All good vision statements are created by groups of people with bloated bladders who would rather be doing anything else. (Scott Adams - The Dilbert principle) /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
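Review bot: In the `did_plus_cmd` branch that handles modifiers (third hunk of `src/ex_docmd.c`), `STRCPY(orig_cmd + len, "'<,'>+")` leaves the text at `orig_cmd` one byte longer than it was. The original held the five-byte `'<,'>`, `len` bytes of modifiers and the NUL, while the rewrite holds `len` bytes, six more and the NUL; this assumes `cmd_start` is `orig_cmd + 5`, as the `cmd_start - 5` in the other branch suggests. Nothing visible in the hunk shows that the command buffer has that spare byte, so if it was allocated to the exact length this is a one-byte write past its end. A rewrite that cannot grow the string avoids the question, for example `STRCPY(orig_cmd + len, " *+");`, where `*` is the short form of the visual range (accepted when `*` is not in 'cpoptions'), with a comment saying why the shorter form is used. The enclosing function starts and ends outside the hunk, so how callers size the buffer has to be confirmed there.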
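Review bot: `Test_empty_command_visual_mode` appears to drive only the path with no command modifier, so the new `mch_memmove`/`STRCPY` rewrite in `src/ex_docmd.c`, which runs when modifiers precede the empty command, is not exercised by this test. A second case with a modifier in front of the visual range would cover that branch; the exact input has to be chosen against the parser, which is outside this hunk. The comment above the function could also state how a regression would be noticed, since the only assertion is on the `RunVim` result: presumably the invalid access is reported only in a build with memory checking, e.g. `" Needs a run under ASAN or valgrind to detect the invalid access.`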