Bug#563071: [patch] Vim crashes after setpos('.', [0, 1, 0, 0])

James Vega jamessan at debian.org
Wed Dec 30 17:43:57 UTC 2009


Bram,

Calling setpos() with a number <= 0 for the col argument results in a
negative value for curwin->w_cursor.col, which can cause various
commands that rely on the col value to crash Vim.

A simple example is:

  $ echo foo > foo
  $ vim -u NONE -c 'call setpos(".", [0, 1, 0, 0])' -c 'normal x' foo

This is due to f_setpos blindly decrementing the col value it gets back
from list2fpos.  Since there may be other places which can cause col to
be negative, the attached patch updates check_cursor_col to ensure that
curwin->w_cursor.col is always >= 0, similar to check_cursor_lnum's
behavior.

-- 
James
GPG Key: 1024D/61326D40 2003-09-02 James Vega <jamessan at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: setpos.diff
Type: text/x-diff
Size: 332 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-vim-maintainers/attachments/20091230/ba8df8be/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-vim-maintainers/attachments/20091230/ba8df8be/attachment.pgp>


More information about the pkg-vim-maintainers mailing list