To: vim_dev@googlegroups.com Subject: Patch 9.0.1331 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.1331 Problem: Illegal memory access when using :ball in Visual mode. Solution: Stop Visual mode when using :ball. (Pavel Mayorov, closes #11923) Files: src/buffer.c, src/testdir/test_visual.vim *** ../vim-9.0.1330/src/buffer.c 2023-02-20 12:16:33.324269403 +0000 --- src/buffer.c 2023-02-20 14:26:31.939664264 +0000 *************** *** 5402,5407 **** --- 5402,5411 ---- else all = TRUE; + // Stop Visual mode, the cursor and "VIsual" may very well be invalid after + // switching to another buffer. + reset_VIsual_and_resel(); + setpcmark(); #ifdef FEAT_GUI *** ../vim-9.0.1330/src/testdir/test_visual.vim 2023-02-01 17:33:14.863435888 +0000 --- src/testdir/test_visual.vim 2023-02-20 14:28:59.503726924 +0000 *************** *** 1534,1537 **** --- 1534,1558 ---- exe 'bwipe!' buf2 endfunc + " Check fix for the heap-based buffer overflow bug found in the function + " utfc_ptr2len and reported at + " https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e + func Test_heap_buffer_overflow() + enew + set updatecount=0 + + norm R0 + split other + norm R000 + exe "norm \l" + ball + call assert_equal(getpos("."), getpos("v")) + call assert_equal('n', mode()) + norm zW + + %bwipe! + set updatecount& + endfunc + + " vim: shiftwidth=2 sts=2 expandtab *** ../vim-9.0.1330/src/version.c 2023-02-20 12:16:33.340269410 +0000 --- src/version.c 2023-02-20 14:33:08.391814653 +0000 *************** *** 697,698 **** --- 697,700 ---- { /* Add new patch number below this line */ + /**/ + 1331, /**/ -- hundred-and-one symptoms of being an internet addict: 157. You fum through a magazine, you first check to see if it has a web address. 
/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
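Review bot: in the src/buffer.c hunk, the new comment justifies reset_VIsual_and_resel() with a condition that applies to any buffer switch ("the cursor and "VIsual" may very well be invalid after switching to another buffer"), yet the reset is added at this single call site, just before setpcmark(). Either state in the comment why :ball is the path that needs it, or check whether other commands that land in a different buffer while Visual mode is active need the same reset. The call is also unconditional, so Visual mode is ended before it is known whether the current buffer actually changes; if that is intended, saying so in the comment would save the next reader the question.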
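Review bot: in the src/testdir/test_visual.vim hunk, the name Test_heap_buffer_overflow does not say which scenario is covered; a name that mentions :ball in Visual mode would make a failure easier to place, and the leading comment could mention :ball as well, since it currently names only utfc_ptr2len and the report URL. The two assert_equal() calls verify that Visual mode has ended (getpos(".") equals getpos("v"), mode() is 'n'), but the final "norm zW" has no assertion after it, so the invalid access named in the comment would only be caught when the test suite runs under a memory checker; a short comment on that line would make the dependency explicit. "set updatecount=0" is restored only by the last line of the function, which is fine as long as nothing above it aborts the test early.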