wyj/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2024-09-17 20:58:20 -04:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.1.0707: [security]: invalid cursor position may cause a crash (#30204)

Browse Source 
Problem:  [security]: invalid cursor position may cause a crash
          (after v9.1.0038)
Solution: Set cursor to the last character in a line, if it would
          otherwise point to beyond the line; no tests added, as it
          is unclear how to reproduce this.

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh

396fd1ec29

Co-authored-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
zeertzjq 2024-09-01 05:07:17 +08:00 committed by GitHub
parent 4ee65484b1
commit 6f167fcae9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/nvim/plines.c
View File

@ -516,7 +516,7 @@ static int virt_text_cursor_off(const CharsizeArg *csarg, bool on_NUL)
void getvcol(win_T *wp, pos_T *pos, colnr_T *start, colnr_T *cursor, colnr_T *end)
{
char *const line = ml_get_buf(wp->w_buffer, pos->lnum); // start of the line
int const end_col = pos->col;
colnr_T const end_col = pos->col;
CharsizeArg csarg;
bool on_NUL = false;
@ -560,6 +560,10 @@ void getvcol(win_T *wp, pos_T *pos, colnr_T *start, colnr_T *cursor, colnr_T *en
}
}
if (*ci.ptr == NUL && end_col < MAXCOL && end_col > ci.ptr - line) {
pos->col = (colnr_T)(ci.ptr - line);
}
int head = char_size.head;
int incr = char_size.width;