blob: 0bc149703a486661199780e7e073dea9ab14ff36 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From: Markus Koschany <apo@debian.org>
Date: Sun, 11 Jun 2023 13:56:10 +0200
Subject: CVE-2023-1175
Origin: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba
---
src/ops.c | 2 ++
src/testdir/test_virtualedit.vim | 10 ++++++++++
2 files changed, 12 insertions(+)
diff --git a/src/ops.c b/src/ops.c
index 50d5af9..45e6308 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -3119,6 +3119,8 @@ op_yank(oparg_T *oap, int deleting, int mess)
* double-count it. */
bd.startspaces = (ce - cs + 1)
- oap->start.coladd;
+ if (bd.startspaces < 0)
+ bd.startspaces = 0;
startcol++;
}
}
diff --git a/src/testdir/test_virtualedit.vim b/src/testdir/test_virtualedit.vim
index 6b8fdfd..c2a9403 100644
--- a/src/testdir/test_virtualedit.vim
+++ b/src/testdir/test_virtualedit.vim
@@ -87,3 +87,13 @@ func Test_virtualedit_replace_after_tab()
bwipe!
endfunc
+func Test_edit_special_char()
+ new
+ se ve=all
+ norm a0
+ sil! exe "norm o00000\<Nul>k<a0s"
+
+ bwipe!
+ set virtualedit=
+endfunc
+
|
