To: vim-dev@vim.org

Subject: Patch 7.2.279

Fcc: outbox

From: Bram Moolenaar <Bram@moolenaar.net>

Mime-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

------------

Patch 7.2.279

Problem:    Invalid memory read with visual mode "r". (Dominique Pelle)

Solution:   Make sure the cursor position is valid.  Don't check the cursor

	    position but the position being used.  And make sure we get the

	    right line.

Files:	    src/misc2.c, src/ops.c

*** ../vim-7.2.278/src/misc2.c	2009-05-16 21:06:36.000000000 +0200

--- src/misc2.c	2009-11-03 16:43:10.000000000 +0100

***************

*** 156,162 ****

  		    || ((ve_flags & VE_ONEMORE) && wcol < MAXCOL)

  #endif

  		    ;

!     line = ml_get_curline();

      if (wcol >= MAXCOL)

      {

--- 156,162 ----

  		    || ((ve_flags & VE_ONEMORE) && wcol < MAXCOL)

  #endif

  		    ;

!     line = ml_get_buf(curbuf, pos->lnum, FALSE);

      if (wcol >= MAXCOL)

      {

***************

*** 332,340 ****

  #endif

  #ifdef FEAT_MBYTE

!     /* prevent cursor from moving on the trail byte */

      if (has_mbyte)

! 	mb_adjust_cursor();

  #endif

      if (col < wcol)

--- 332,340 ----

  #endif

  #ifdef FEAT_MBYTE

!     /* prevent from moving onto a trail byte */

      if (has_mbyte)

! 	mb_adjustpos(pos);

  #endif

      if (col < wcol)

*** ../vim-7.2.278/src/ops.c	2009-09-30 15:15:33.000000000 +0200

--- src/ops.c	2009-11-03 15:18:50.000000000 +0100

***************

*** 2020,2025 ****

--- 2020,2026 ----

  	bd.is_MAX = (curwin->w_curswant == MAXCOL);

  	for ( ; curwin->w_cursor.lnum <= oap->end.lnum; ++curwin->w_cursor.lnum)

  	{

+ 	    curwin->w_cursor.col = 0;  /* make sure cursor position is valid */

  	    block_prep(oap, &bd, curwin->w_cursor.lnum, TRUE);

  	    if (bd.textlen == 0 && (!virtual_op || bd.is_MAX))

  		continue;	    /* nothing to replace */

***************

*** 2035,2040 ****

--- 2036,2042 ----

  	    {

  		pos_T vpos;

+ 		vpos.lnum = curwin->w_cursor.lnum;

  		getvpos(&vpos, oap->start_vcol);

  		bd.startspaces += vpos.coladd;

  		n = bd.startspaces;

***************

*** 2693,2703 ****

  			 * initial coladd offset as part of "startspaces" */

  			if (bd.is_short)

  			{

! 			    linenr_T lnum = curwin->w_cursor.lnum;

! 

! 			    curwin->w_cursor.lnum = linenr;

  			    (void)getvpos(&vpos, oap->start_vcol);

- 			    curwin->w_cursor.lnum = lnum;

  			}

  			else

  			    vpos.coladd = 0;

--- 2695,2702 ----

  			 * initial coladd offset as part of "startspaces" */

  			if (bd.is_short)

  			{

! 			    vpos.lnum = linenr;

  			    (void)getvpos(&vpos, oap->start_vcol);

  			}

  			else

  			    vpos.coladd = 0;

*** ../vim-7.2.278/src/version.c	2009-11-03 16:29:48.000000000 +0100

--- src/version.c	2009-11-03 16:41:53.000000000 +0100

***************

*** 678,679 ****

--- 678,681 ----

  {   /* Add new patch number below this line */

+ /**/

+     279,

  /**/

-- 

BEDEVERE: How do you know so much about swallows?

ARTHUR:   Well you have to know these things when you're a king, you know.

                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\

///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\

\\\        download, build and distribute -- http://www.A-A-P.org        ///

 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///