blob: f8c0adddaa2f142e8eb764b5670d0231190b0b6a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
From: Markus Koschany <apo@debian.org>
Date: Sun, 23 Oct 2022 17:11:51 +0200
Subject: CVE-2022-0319
Origin: https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9
---
src/testdir/test_visual.vim | 10 ++++++++++
src/window.c | 5 +++++
2 files changed, 15 insertions(+)
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index afeb4da..0841952 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -3,6 +3,16 @@ if !has('visual')
finish
endif
+" this was causing an ml_get error
+func Test_visual_exchange_windows()
+ enew!
+ new
+ call setline(1, ['foo', 'bar'])
+ exe "normal G\<C-V>gg\<C-W>\<C-X>OO\<Esc>"
+ bwipe!
+ bwipe!
+endfunc
+
func Test_block_shift_multibyte()
" Uses double-wide character.
diff --git a/src/window.c b/src/window.c
index f78fcca..7c7f580 100644
--- a/src/window.c
+++ b/src/window.c
@@ -1576,6 +1576,11 @@ win_exchange(long Prenum)
(void)win_comp_pos(); /* recompute window positions */
+ if (wp->w_buffer != curbuf)
+ reset_VIsual_and_resel();
+ else if (VIsual_active)
+ wp->w_cursor = curwin->w_cursor;
+
win_enter(wp, TRUE);
redraw_all_later(NOT_VALID);
}
|
