Dominique Pelle wrote:
> When using {Visual}["x]r{char} command while in virtualedit
> mode (:set virtualedit=all), valgrind memory checker detects
> the following error with Vim-7.2.267:
>
> ==9475== Invalid read of size 1
> ==9475== at 0x8120FB2: utf_head_off (mbyte.c:2585)
> ==9475== by 0x8121729: mb_adjustpos (mbyte.c:2878)
> ==9475== by 0x81216D6: mb_adjust_cursor (mbyte.c:2858)
> ==9475== by 0x8114A04: coladvance2 (misc2.c:337)
> ==9475== by 0x81144BE: getvpos (misc2.c:129)
> ==9475== by 0x8135205: op_replace (ops.c:2038)
> ==9475== by 0x812684B: do_pending_operator (normal.c:2067)
> ==9475== by 0x8125126: normal_cmd (normal.c:1214)
> ==9475== by 0x80B158F: exec_normal_cmd (ex_docmd.c:9194)
> ==9475== by 0x80B13DF: ex_normal (ex_docmd.c:9093)
> ==9475== by 0x80A7494: do_one_cmd (ex_docmd.c:2629)
> ==9475== by 0x80A4CCB: do_cmdline (ex_docmd.c:1098)
> ==9475== by 0x808D338: ex_execute (eval.c:19577)
> ==9475== by 0x80A7494: do_one_cmd (ex_docmd.c:2629)
> ==9475== by 0x80A4CCB: do_cmdline (ex_docmd.c:1098)
> ==9475== by 0x80A4364: do_cmdline_cmd (ex_docmd.c:704)
> ==9475== by 0x80E9BA3: exe_commands (main.c:2697)
> ==9475== by 0x80E758B: main (main.c:874)
>
> I can reproduce it 100% of the time with the following command
> for example:
>
> $ cd vim7/src
> $ valgrind ./vim -u NONE normal.c -c 'set virtualedit=all' -c 'exe "norm 50|\<c-v>100j4lr1"' 2> log
>
> Code in mbyte.cpp is:
>
> 2865     void
> 2866 mb_adjustpos(lp)
> 2867     pos_T *lp;
> 2868 {
> 2869     char_u *p;
> 2870
> 2871     if (lp->col > 0
> 2872 #ifdef FEAT_VIRTUALEDIT
> 2873             || lp->coladd > 1
> 2874 #endif
> 2875             )
> 2876     {
> 2877         p = ml_get(lp->lnum);
> 2878         lp->col -= (*mb_head_off)(p, p + lp->col);
> 2879 #ifdef FEAT_VIRTUALEDIT
> 2880         /* Reset "coladd" when the cursor would be on the right half of a
> 2881          * double-wide character. */
> 2882         if (lp->coladd == 1
> 2883                 && p[lp->col] != TAB
> 2884                 && vim_isprintc((*mb_ptr2char)(p + lp->col))
> 2885                 && ptr2cells(p + lp->col) > 1)
> 2886             lp->coladd = 0;
> 2887 #endif
> 2888     }
> 2889 }
>
> lp->col can go beyond end of p string at line 2878 when in
> virtualedit=all mode, causing the bug when calling utf_head_off()
> at line 2878.
>
> Attached patch fixes it but please review it.
Thanks, I'll look into it soon.
--
A hamburger walks into a bar, and the bartender says: "I'm sorry,
but we don't serve food here."
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
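
Added example, not part of the thread and neither the attached patch nor Vim's code: a simplified model of the check the report calls for, validating the column against the line length before `p + lp->col` is formed. `vpos_T`, `head_off`, `adjust_col_checked`, the sample line and the clamp-to-end policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the pos_T fields that mb_adjustpos() uses. */
typedef struct {
    int col;     /* byte index into the line */
    int coladd;  /* extra virtual columns (virtualedit) */
} vpos_T;

/* Simplified stand-in for utf_head_off(): distance from p back to the lead
 * byte of its UTF-8 character. It never reads before base, but the caller
 * must guarantee that p lies inside the NUL-terminated line. */
static int head_off(const unsigned char *base, const unsigned char *p)
{
    const unsigned char *q = p;
    while (q > base && (*q & 0xC0) == 0x80)
        --q;
    return (int)(p - q);
}

/* Hypothetical guarded adjust: check col against the line length before
 * forming p + col. Clamping to the NUL position is this example's policy. */
int adjust_col_checked(const char *line, vpos_T *lp)
{
    size_t len = strlen(line);
    if (lp->col < 0)
        lp->col = 0;
    if ((size_t)lp->col > len)
        lp->col = (int)len;
    lp->col -= head_off((const unsigned char *)line,
                        (const unsigned char *)line + lp->col);
    return lp->col;
}

/* Constructed sample line: 'a', U+00E9 (two bytes), 'b'; 4 bytes long. */
const char sample_line[] = "a\xC3\xA9" "b";

int main(void)
{
    int cols[] = { 0, 2, 3, 50 };   /* 50 models a virtualedit column */
    size_t i;
    for (i = 0; i < sizeof cols / sizeof cols[0]; i++) {
        vpos_T pos = { cols[i], 0 };
        printf("%d -> %d\n", cols[i], adjust_col_checked(sample_line, &pos));
    }
    return 0;
}
```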