Your message dated Wed, 30 Dec 2009 12:43:57 -0500 with message-id <[email protected]> has caused the report #563071, regarding vim-nox: segfault after setpos(".", [0, 1, 0, 0]) to be marked as having been forwarded to the upstream software author(s) Bram Moolenaar <[email protected]>
(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 563071: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563071 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Bram, Calling setpos() with a number <= 0 for the col argument results in a negative value for curwin->w_cursor.col, which can cause various commands that rely on the col value to crash Vim. A simple example is: $ echo foo > foo $ vim -u NONE -c 'call setpos(".", [0, 1, 0, 0])' -c 'normal x' foo This is due to f_setpos blindly decrementing the col value it gets back from list2fpos. Since there may be other places which can cause col to be negative, the attached patch updates check_cursor_col to ensure that curwin->w_cursor.col is always >= 0, similar to check_cursor_lnum's behavior. -- James GPG Key: 1024D/61326D40 2003-09-02 James Vega <[email protected]>diff --git a/src/misc2.c b/src/misc2.c index 5fc64bb..2dbf486 100644 --- a/src/misc2.c +++ b/src/misc2.c @@ -528,6 +528,8 @@ check_cursor_col() #endif } } + if (curwin->w_cursor.col < 0) + curwin->w_cursor.col = 0; #ifdef FEAT_VIRTUALEDIT /* If virtual editing is on, we can leave the cursor on the old position,
signature.asc
Description: Digital signature
--- End Message ---
