blob: 1b84df99f08a3c00ea2cebac37eedb0d13699c8a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
From: Markus Koschany <apo@debian.org>
Date: Wed, 2 Nov 2022 15:12:10 +0100
Subject: CVE-2022-1851
Origin: https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad
---
src/ops.c | 3 +++
src/testdir/test_textformat.vim | 12 ++++++++++++
2 files changed, 15 insertions(+)
diff --git a/src/ops.c b/src/ops.c
index 4c81922..84b5f90 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -4778,6 +4778,9 @@ op_format(
{
curwin->w_cursor = saved_cursor;
saved_cursor.lnum = 0;
+
+ // formatting may have made the cursor position invalid
+ check_cursor();
}
if (oap->is_VIsual)
diff --git a/src/testdir/test_textformat.vim b/src/testdir/test_textformat.vim
index 13fb50b..508e18b 100644
--- a/src/testdir/test_textformat.vim
+++ b/src/testdir/test_textformat.vim
@@ -489,3 +489,15 @@ func Test_format_list_auto()
bwipe!
set fo& ai& bs&
endfunc
+
+" This was leaving the cursor after the end of a line. Complicated way to
+" have the problem show up with valgrind.
+func Test_correct_cursor_position()
+ set encoding=iso8859
+ new
+ norm a0000
+ sil! norm gggg0i0gw0gg
+
+ bwipe!
+ set encoding=utf8
+endfunc
|
