blob: d7732d4e940acffaf03d9556f738be61d1556a85 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
From: Markus Koschany <apo@debian.org>
Date: Sun, 6 Nov 2022 23:00:10 +0100
Subject: CVE-2022-2598
Origin: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d
---
src/diff.c | 9 ++++++---
src/testdir/test_diffmode.vim | 15 +++++++++++++++
2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/diff.c b/src/diff.c
index d368f96..745cb87 100644
--- a/src/diff.c
+++ b/src/diff.c
@@ -451,7 +451,10 @@ diff_mark_adjust_tp(
for (i = 0; i < DB_COUNT; ++i)
if (tp->tp_diffbuf[i] != NULL && i != idx)
{
- dp->df_lnum[i] -= off;
+ if (dp->df_lnum[i] > off)
+ dp->df_lnum[i] -= off;
+ else
+ dp->df_lnum[i] = 1;
dp->df_count[i] += n;
}
}
@@ -2735,8 +2738,8 @@ ex_diffgetput(exarg_T *eap)
{
/* remember deleting the last line of the buffer */
buf_empty = curbuf->b_ml.ml_line_count == 1;
- ml_delete(lnum, FALSE);
- --added;
+ if (ml_delete(lnum, FALSE) == OK)
+ --added;
}
for (i = 0; i < dp->df_count[idx_from] - start_skip - end_skip; ++i)
{
diff --git a/src/testdir/test_diffmode.vim b/src/testdir/test_diffmode.vim
index 84fb451..3ced8cd 100644
--- a/src/testdir/test_diffmode.vim
+++ b/src/testdir/test_diffmode.vim
@@ -913,3 +913,18 @@ func Test_diff_of_diff()
call StopVimInTerminal(buf)
call delete('Xtest_diff_diff')
endfunc
+
+" This was causing the line number in the diff block to go below one.
+" FIXME: somehow this causes a valgrind error when run directly but not when
+" run as a test.
+func Test_diff_put_and_undo()
+ set diff
+ next 0
+ split 00
+ sil! norm o0�gguudpo0�ggJuudp
+
+ bwipe!
+ bwipe!
+ set nodiff
+endfunc
+
|
