patch 9.1.1818: possible crash when calculating topline in diff.c
Commit:
https://github.com/vim/vim/commit/d32b3bb7ebe29f856a054cfd552c68afabd065c3
Author: Christian Brabandt <[email protected]>
Date: Wed Oct 1 21:25:40 2025 +0000
patch 9.1.1818: possible crash when calculating topline in diff.c
Problem: possible crash when calculating topline in diff.c
(youngmith)
Solution: Check for pointer being Null before accessing it
fixes: #18437
Signed-off-by: Christian Brabandt <[email protected]>
diff --git a/src/diff.c b/src/diff.c
index 25b9ae977..ec0640c56 100644
--- a/src/diff.c
+++ b/src/diff.c
@@ -2226,6 +2226,7 @@ calculate_topfill_and_topline(
diff_T *thistopdiff = NULL;
diff_T *next_adjacent_blocks = NULL;
int virtual_lines_passed = 0;
+ int curlinenum_to = 1;
find_top_diff_block(&thistopdiff, &next_adjacent_blocks, fromidx,
from_topline);
@@ -2253,7 +2254,8 @@ calculate_topfill_and_topline(
// move the same amount of virtual lines in the target buffer to find the
// cursor's line number
- int curlinenum_to = thistopdiff->df_lnum[toidx];
+ if (thistopdiff != NULL)
+ curlinenum_to = thistopdiff->df_lnum[toidx];
int virt_lines_left = virtual_lines_passed;
curdif = thistopdiff;
diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim
index ff9b63ba3..a26a1b8fd 100644
--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim
@@ -143,6 +143,28 @@ func Test_crash1_2()
call s:RunCommandAndWait(buf, args ..
\ ' ; echo "crash 5: [OK]" >> '.. result)
+ let file = 'Xdiff'
+ let lines =<< trim END
+ diffs a
+ edit Xdiff
+ file b
+ exe "norm! \<C-w>\<C-w>"
+ exe "norm! \<C-w>\<C-w>"
+ exe "norm! \<C-w>\<C-w>"
+ exe "norm! \<C-w>\<C-w>"
+ exe "norm! \<C-w>\<C-w>"
+ exe "norm! \<C-w>\L"
+ exe "norm! \<C-j>oy\<C-j>"
+ edit Xdiff
+ sil!so
+ END
+ call writefile(lines, file, 'D')
+ let cmn_args = "%s -u NONE -i NONE -X -m -n -e -s -u %s -c ':qa!'"
+ let args = printf(cmn_args, vim, file)
+ call s:RunCommandAndWait(buf, args ..
+ \ ' && echo "crash 6: [OK]" >> '.. result)
+
+
" clean up
exe buf .. "bw!"
exe "sp " .. result
@@ -152,6 +174,7 @@ func Test_crash1_2()
\ 'crash 3: [OK]',
\ 'crash 4: [OK]',
\ 'crash 5: [OK]',
+ \ 'crash 6: [OK]',
\ ]
call assert_equal(expected, getline(1, '$'))
diff --git a/src/version.c b/src/version.c
index 016f73f87..0565a8216 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1818,
/**/
1817,
/**/
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/vim_dev/E1v45Kl-0064wo-S6%40256bit.org.
