Bug#563071: [patch] Vim crashes after setpos('.', [0, 1, 0, 0])

Bram Moolenaar Bram at Moolenaar.net
Wed Dec 30 18:23:50 UTC 2009


James -

> Bram,
> 
> Calling setpos() with a number <=3D 0 for the col argument results in a
> negative value for curwin->w_cursor.col, which can cause various
> commands that rely on the col value to crash Vim.
> 
> A simple example is:
> 
>   $ echo foo > foo
>   $ vim -u NONE -c 'call setpos(".", [0, 1, 0, 0])' -c 'normal x' foo
> 
> This is due to f_setpos blindly decrementing the col value it gets back
> =66rom list2fpos.  Since there may be other places which can cause col to
> be negative, the attached patch updates check_cursor_col to ensure that
> curwin->w_cursor.col is always >=3D 0, similar to check_cursor_lnum's
> behavior.

Thanks, I'll include it soon.

- Bram

-- 
hundred-and-one symptoms of being an internet addict:
69. Yahoo welcomes you with your own start page

 /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///





More information about the pkg-vim-maintainers mailing list