patch 9.1.0707: [security]: invalid cursor position may cause a crash

chrisbra · zeertzjq · chrisbra · commit 396fd1ec2956 · 2024-08-31T17:58:16.000+02:00
Problem: [security]: invalid cursor position may cause a crash (after v9.1.0038) Solution: Set cursor to the last character in a line, if it would otherwise point to beyond the line; no tests added, as it is unclear how to reproduce this. Github Advisory: GHSA-4ghr-c62x-cqfh Co-authored-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/charset.c b/src/charset.c
@@ -1678,6 +1678,9 @@ getvcol(
     }
     clear_chartabsize_arg(&cts);
 
+    if (*ptr == NUL && pos->col < MAXCOL && pos->col > ptr - line)
+	pos->col = ptr - line;
+
     if (start != NULL)
 	*start = vcol + head;
     if (end != NULL)
diff --git a/src/version.c b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    707,
 /**/
     706,
 /**/

Original file line number	Diff line number	Diff line change
`@@ -1678,6 +1678,9 @@ getvcol(`
`1678`	`1678`	`}`
`1679`	`1679`	`clear_chartabsize_arg(&cts);`
`1680`	`1680`
	`1681`	`+ if (*ptr == NUL && pos->col < MAXCOL && pos->col > ptr - line)`
	`1682`	`+ pos->col = ptr - line;`
	`1683`	`+`
`1681`	`1684`	`if (start != NULL)`
`1682`	`1685`	`*start = vcol + head;`
`1683`	`1686`	`if (end != NULL)`