rpms / vim

Clone
Source Code
GIT

Blame SOURCES/0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta c9s-sig-hyperscale
  1.   3e779a61e90e1c24f2efc555e944d98a691e404e
  2.   SOURCES
  3.   0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
Blob History Raw
3e779a 
diff -up vim80/src/ex_docmd.c.cve1927 vim80/src/ex_docmd.c
3e779a 
--- vim80/src/ex_docmd.c.cve1927	2022-06-13 16:31:41.841068554 +0200
3e779a 
+++ vim80/src/ex_docmd.c	2022-06-13 16:37:02.789876973 +0200
3e779a 
@@ -1720,6 +1720,8 @@ do_one_cmd(
3e779a 
     int			ni;			/* set when Not Implemented */
3e779a 
     char_u		*cmd;
3e779a 
     int			address_count = 1;
3e779a 
+    int			need_check_cursor = FALSE;
3e779a 
+    int			ret_addr = FAIL;
3e779a
3e779a 
     vim_memset(&ea, 0, sizeof(ea));
3e779a 
     ea.line1 = 1;
3e779a 
@@ -2084,7 +2086,7 @@ do_one_cmd(
3e779a 
 	lnum = get_address(&ea, &ea.cmd, ea.addr_type, ea.skip,
3e779a 
 					  ea.addr_count == 0, address_count++);
3e779a 
 	if (ea.cmd == NULL)		    /* error detected */
3e779a 
-	    goto doend;
3e779a 
+	    goto addr_end;
3e779a 
 	if (lnum == MAXLNUM)
3e779a 
 	{
3e779a 
 	    if (*ea.cmd == '%')		    /* '%' - all lines */
3e779a 
@@ -2128,12 +2130,12 @@ do_one_cmd(
3e779a 
 			    /* there is no Vim command which uses '%' and
3e779a 
 			     * ADDR_WINDOWS or ADDR_TABS */
3e779a 
 			    errormsg = (char_u *)_(e_invrange);
3e779a 
-			    goto doend;
3e779a 
+			    goto addr_end;
3e779a 
 			}
3e779a 
 			break;
3e779a 
 		    case ADDR_TABS_RELATIVE:
3e779a 
 			errormsg = (char_u *)_(e_invrange);
3e779a 
-			goto doend;
3e779a 
+			goto addr_end;
3e779a 
 			break;
3e779a 
 		    case ADDR_ARGUMENTS:
3e779a 
 			if (ARGCOUNT == 0)
3e779a 
@@ -2163,7 +2165,7 @@ do_one_cmd(
3e779a 
 		if (ea.addr_type != ADDR_LINES)
3e779a 
 		{
3e779a 
 		    errormsg = (char_u *)_(e_invrange);
3e779a 
-		    goto doend;
3e779a 
+		    goto addr_end;
3e779a 
 		}
3e779a
3e779a 
 		++ea.cmd;
3e779a 
@@ -2171,11 +2173,11 @@ do_one_cmd(
3e779a 
 		{
3e779a 
 		    fp = getmark('<', FALSE);
3e779a 
 		    if (check_mark(fp) == FAIL)
3e779a 
-			goto doend;
3e779a 
+			goto addr_end;
3e779a 
 		    ea.line1 = fp->lnum;
3e779a 
 		    fp = getmark('>', FALSE);
3e779a 
 		    if (check_mark(fp) == FAIL)
3e779a 
-			goto doend;
3e779a 
+			goto addr_end;
3e779a 
 		    ea.line2 = fp->lnum;
3e779a 
 		    ++ea.addr_count;
3e779a 
 		}
3e779a 
@@ -2190,8 +2192,11 @@ do_one_cmd(
3e779a 
 	    if (!ea.skip)
3e779a 
 	    {
3e779a 
 		curwin->w_cursor.lnum = ea.line2;
3e779a 
+
3e779a 
 		/* don't leave the cursor on an illegal line or column */
3e779a 
+		// Check the cursor position before returning.
3e779a 
 		check_cursor();
3e779a 
+		need_check_cursor = TRUE;
3e779a 
 	    }
3e779a 
 	}
3e779a 
 	else if (*ea.cmd != ',')
3e779a 
@@ -2208,6 +2213,13 @@ do_one_cmd(
3e779a 
 	    ea.addr_count = 0;
3e779a 
     }
3e779a
3e779a 
+    ret_addr = OK;
3e779a 
+
3e779a 
+addr_end:
3e779a 
+    if (need_check_cursor)
3e779a 
+	check_cursor();
3e779a 
+    if (ret_addr == FAIL)
3e779a 
+	goto doend;
3e779a 
 /*
3e779a 
  * 5. Parse the command.
3e779a 
  */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation