Hi
When using the {Visual}["x]r{char} command in virtualedit mode
(:set virtualedit=all), the valgrind memory checker reports the
following error with Vim 7.2.267:
==9475== Invalid read of size 1
==9475== at 0x8120FB2: utf_head_off (mbyte.c:2585)
==9475== by 0x8121729: mb_adjustpos (mbyte.c:2878)
==9475== by 0x81216D6: mb_adjust_cursor (mbyte.c:2858)
==9475== by 0x8114A04: coladvance2 (misc2.c:337)
==9475== by 0x81144BE: getvpos (misc2.c:129)
==9475== by 0x8135205: op_replace (ops.c:2038)
==9475== by 0x812684B: do_pending_operator (normal.c:2067)
==9475== by 0x8125126: normal_cmd (normal.c:1214)
==9475== by 0x80B158F: exec_normal_cmd (ex_docmd.c:9194)
==9475== by 0x80B13DF: ex_normal (ex_docmd.c:9093)
==9475== by 0x80A7494: do_one_cmd (ex_docmd.c:2629)
==9475== by 0x80A4CCB: do_cmdline (ex_docmd.c:1098)
==9475== by 0x808D338: ex_execute (eval.c:19577)
==9475== by 0x80A7494: do_one_cmd (ex_docmd.c:2629)
==9475== by 0x80A4CCB: do_cmdline (ex_docmd.c:1098)
==9475== by 0x80A4364: do_cmdline_cmd (ex_docmd.c:704)
==9475== by 0x80E9BA3: exe_commands (main.c:2697)
==9475== by 0x80E758B: main (main.c:874)
It reproduces 100% of the time, for example with the following
command:
$ cd vim7/src
$ valgrind ./vim -u NONE normal.c -c 'set virtualedit=all' -c 'exe "norm 50|\<c-v>100j4lr1"' 2> log
The relevant code in mbyte.c (line numbers as in the valgrind trace) is:
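/*
 * Move "lp" back onto the head byte of a multi-byte character: when "col"
 * lands in the middle of a character, mb_head_off() gives the number of
 * bytes to step back.  With 'virtualedit' the position also carries a
 * "coladd" cell offset; when that offset is exactly one and the character
 * under the cursor is a printable double-wide character, "coladd" is
 * cleared so the cursor is not placed on the right half of that character.
 *
 * "lp" is updated in place; nothing is returned.
 */
    void
mb_adjustpos(lp)
    pos_T	*lp;
{
    char_u	*p;
    int		len;

    if (lp->col > 0
#ifdef FEAT_VIRTUALEDIT
	    || lp->coladd > 1
#endif
	    )
    {
	p = ml_get(lp->lnum);

	/* With 'virtualedit' set, "col" may point past the end of the line
	 * (beyond the terminating NUL).  Clamp it to the line length before
	 * indexing "p", otherwise mb_head_off() and the reads below touch
	 * memory outside the line (the invalid read valgrind reports in
	 * utf_head_off()).  A NUL is a single-byte character, so the
	 * mb_head_off() call on the clamped position steps back nothing.
	 * NOTE(review): clamping keeps the position at the NUL; confirm the
	 * callers do not rely on the out-of-range "col" being preserved. */
	len = (int)STRLEN(p);
	if (lp->col > len)
	    lp->col = len;

	lp->col -= (*mb_head_off)(p, p + lp->col);
#ifdef FEAT_VIRTUALEDIT
	/* Reset "coladd" when the cursor would be on the right half of a
	 * double-wide character.  "col" is within the line here, so p[col]
	 * reads at most the terminating NUL. */
	if (lp->coladd == 1
		&& p[lp->col] != TAB
		&& vim_isprintc((*mb_ptr2char)(p + lp->col))
		&& ptr2cells(p + lp->col) > 1)
	    lp->coladd = 0;
#endif
    }
}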
In virtualedit=all mode lp->col can point past the end of the line p
(beyond its terminating NUL), so the call at line 2878 passes
p + lp->col to utf_head_off(), which then reads outside the line;
that is the invalid read valgrind reports.
The attached patch fixes it, but please review it.
-- Dominique
Index: mbyte.c
===================================================================
RCS file: /cvsroot/vim/vim7/src/mbyte.c,v
retrieving revision 1.77
diff -c -r1.77 mbyte.c
*** mbyte.c 16 Jun 2009 13:22:34 -0000 1.77
--- mbyte.c 31 Oct 2009 14:13:20 -0000
***************
*** 2875,2889 ****
)
{
p = ml_get(lp->lnum);
- lp->col -= (*mb_head_off)(p, p + lp->col);
#ifdef FEAT_VIRTUALEDIT
! /* Reset "coladd" when the cursor would be on the right half of a
! * double-wide character. */
! if (lp->coladd == 1
! && p[lp->col] != TAB
! && vim_isprintc((*mb_ptr2char)(p + lp->col))
! && ptr2cells(p + lp->col) > 1)
! lp->coladd = 0;
#endif
}
}
--- 2875,2894 ----
)
{
p = ml_get(lp->lnum);
#ifdef FEAT_VIRTUALEDIT
! if (lp->col < STRLEN(p))
! {
! #endif
! lp->col -= (*mb_head_off)(p, p + lp->col);
! #ifdef FEAT_VIRTUALEDIT
! /* Reset "coladd" when the cursor would be on the right half of a
! * double-wide character. */
! if (lp->coladd == 1
! && p[lp->col] != TAB
! && vim_isprintc((*mb_ptr2char)(p + lp->col))
! && ptr2cells(p + lp->col) > 1)
! lp->coladd = 0;
! }
#endif
}
}
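Review bot: The new guard `if (lp->col < STRLEN(p))` only skips the adjustment, so when it is false `lp->col` still points past the terminating NUL and the out-of-range column survives in the position for whatever indexes the line next; clamping it right after `p = ml_get(lp->lnum);` is safer, e.g. `if (lp->col > (int)STRLEN(p)) lp->col = (int)STRLEN(p);`, after which the existing `mb_head_off` call and the `p[lp->col]` reads stay within the line (at worst they read the NUL, assuming the mb_head_off implementations treat NUL as a single-byte character — confirm for the DBCS variant). As written the comparison mixes `col` with the `size_t` from STRLEN, which `-Wsign-compare` will flag if `col` is a signed type (its use with `> 0` suggests so; confirm against pos_T) — the cast avoids that. A bound check is valid whether or not FEAT_VIRTUALEDIT is defined, so it need not be wrapped in `#ifdef`; dropping that wrapper also removes the `{`/`}` pair split across two preprocessor blocks, which is easy to misread. mb_adjustpos's signature and the opening `if` condition lie before the hunk.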