Commit: patch 9.1.1463: Integer overflow in getmarklist() after linewise operation

Mon, 16 Jun 2025 11:15:47 -0700 

patch 9.1.1463: Integer overflow in getmarklist() after linewise operation

Commit: 
https://github.com/vim/vim/commit/93318a9933893103442f552b26bd0a41b98cb68b
Author: zeertzjq <zeert...@outlook.com>
Date:   Mon Jun 16 20:10:38 2025 +0200

    patch 9.1.1463: Integer overflow in getmarklist() after linewise operation
    
    Problem:  Integer overflow in getmarklist() after linewise operation.
    Solution: Don't add 1 to MAXCOL (zeertzjq)
    
    related: neovim/neovim#34524
    closes: #17552
    
    Signed-off-by: zeertzjq <zeert...@outlook.com>
    Signed-off-by: Christian Brabandt <c...@256bit.org>

diff --git a/src/mark.c b/src/mark.c
index 9f6a9ccf5..2b0391981 100644
--- a/src/mark.c
+++ b/src/mark.c
@@ -1464,7 +1464,7 @@ add_mark(list_T *l, char_u *mname, pos_T *pos, int bufnr, 
char_u *fname)
 
     list_append_number(lpos, bufnr);
     list_append_number(lpos, pos->lnum);
-    list_append_number(lpos, pos->col + 1);
+    list_append_number(lpos, pos->col < MAXCOL ? pos->col + 1 : MAXCOL);
     list_append_number(lpos, pos->coladd);
 
     if (dict_add_string(d, "mark", mname) == FAIL
diff --git a/src/testdir/test_marks.vim b/src/testdir/test_marks.vim
index 20fb3041f..50f005ad1 100644
--- a/src/testdir/test_marks.vim
+++ b/src/testdir/test_marks.vim
@@ -302,6 +302,11 @@ func Test_getmarklist()
   call assert_equal({'mark' : "'r", 'pos' : [bufnr(), 2, 2, 0]},
         \ bufnr()->getmarklist()[0])
   call assert_equal([], {}->getmarklist())
+  normal! yy
+  call assert_equal([
+        \ {'mark': "'[", 'pos': [bufnr(), 2, 1, 0]},
+        \ {'mark': "']", 'pos': [bufnr(), 2, v:maxcol, 0]},
+        \ ], getmarklist(bufnr())[-2:])
   close!
 endfunc
 
diff --git a/src/version.c b/src/version.c
index c9d63e970..8d4cbf255 100644
--- a/src/version.c
+++ b/src/version.c
@@ -709,6 +709,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1463,
 /**/
     1462,
 /**/

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion visit 
https://groups.google.com/d/msgid/vim_dev/E1uREMK-002Uua-Qu%40256bit.org.

Raspunde prin e-mail lui