Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
patch 9.0.1331: illegal memory access when using :ball in Visual mode
Problem:    Illegal memory access when using :ball in Visual mode.
Solution:   Stop Visual mode when using :ball. (Pavel Mayorov, closes #11923)
  • Loading branch information
Pavel Mayorov authored and brammool committed Feb 20, 2023
1 parent af93691 commit e1121b1
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/buffer.c
Expand Up @@ -5402,6 +5402,10 @@ ex_buffer_all(exarg_T *eap)
else
all = TRUE;

// Stop Visual mode, the cursor and "VIsual" may very well be invalid after
// switching to another buffer.
reset_VIsual_and_resel();

setpcmark();

#ifdef FEAT_GUI
Expand Down
21 changes: 21 additions & 0 deletions src/testdir/test_visual.vim
Expand Up @@ -1534,4 +1534,25 @@ func Test_switch_buffer_ends_visual_mode()
exe 'bwipe!' buf2
endfunc
" Check fix for the heap-based buffer overflow bug found in the function
" utfc_ptr2len and reported at
" https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e
func Test_heap_buffer_overflow()
enew
set updatecount=0
norm R0
split other
norm R000
exe "norm \<C-V>l"
ball
call assert_equal(getpos("."), getpos("v"))
call assert_equal('n', mode())
norm zW
%bwipe!
set updatecount&
endfunc
" vim: shiftwidth=2 sts=2 expandtab
2 changes: 2 additions & 0 deletions src/version.c
Expand Up @@ -695,6 +695,8 @@ static char *(features[]) =

static int included_patches[] =
{ /* Add new patch number below this line */
/**/
1331,
/**/
1330,
/**/
Expand Down

0 comments on commit e1121b1

Please sign in to comment.