path: root/debian/patches/CVE-2022-2129.patch
From d6211a52ab9f53b82f884561ed43d2fe4d24ff7d Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sat, 18 Jun 2022 19:48:14 +0100
Subject: [PATCH] patch 8.2.5126: substitute may overrun destination buffer

Problem:    Substitute may overrun destination buffer.
Solution:   Disallow switching buffers in a substitute expression.
---
 src/ex_docmd.c                  |  7 ++++---
 src/testdir/test_substitute.vim | 13 +++++++++++++
 src/version.c                   |  2 ++
 3 files changed, 19 insertions(+), 3 deletions(-)

--- a/src/ex_docmd.c
+++ b/src/ex_docmd.c
@@ -8778,9 +8778,10 @@ do_exedit(
 #endif
 	    )
     {
-	/* Can't edit another file when "curbuf_lock" is set.  Only ":edit"
-	 * can bring us here, others are stopped earlier. */
-	if (*eap->arg != NUL && curbuf_locked())
+	/* Can't edit another file when "textlock" or "curbuf_lock" is set.
+	 * Only ":edit" or ":script" can bring us here, others are stopped
+	   earlier. */
+	if (*eap->arg != NUL && text_or_buf_locked())
 	    return;
 
 	n = readonlymode;
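Review bot: The new comment in do_exedit names the two locks but not why "textlock" matters here, and its last line (`earlier. */`) drops the ` * ` continuation prefix used on the line above it. Going by the commit message, the concern is an expression evaluated during `:substitute` switching buffers while the substitute is still writing to its destination buffer; wording such as `/* Can't edit another file while "textlock" or "curbuf_lock" is set: a substitute expression must not switch buffers under the running command. */` would record that for the next maintainer. Since this is carried as a distribution patch, it is also worth confirming that `text_or_buf_locked()` exists in the packaged source tree, because its definition is not part of this patch. The guard still applies only when `*eap->arg != NUL`, and do_exedit begins and ends outside the hunk, so the argument-less path cannot be checked from here.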
--- a/src/testdir/test_substitute.vim
+++ b/src/testdir/test_substitute.vim
@@ -552,3 +552,16 @@ func Test_sub_undo_change()
   delfunc Repl
 endfunc
 
+" This was editing a script file from the expression
+func Test_sub_edit_scriptfile()
+  new
+  norm o0000000000000000000000000000000000000000000000000000
+  func EditScript()
+    silent! scr! Xfile
+  endfunc
+  s/\%')/\=EditScript()
+
+  delfunc EditScript
+  bwipe!
+endfunc
+
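Review bot: Test_sub_edit_scriptfile contains no assertion, so it fails only if Vim crashes or a memory checker reports the overrun; in a plain build it may pass whether or not the lock check is in place. The `silent!` in front of `scr! Xfile` also hides any error, so the test cannot tell "rejected by the lock" from "failed for an unrelated reason". Recording the buffer before the substitute and checking it afterwards, for example `let bnr = bufnr('')` ahead of the `s/\%')/\=EditScript()` line and `call assert_equal(bnr, bufnr(''))` after it, would make a regression visible without a sanitizer.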
--- a/src/version.c
+++ b/src/version.c
@@ -792,6 +792,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    5126,
+/**/
     5063,
 /**/
     5043,