patch 9.2.0385: Integer overflow with "ze" and large 'sidescrolloff'

Commit: 
https://github.com/vim/vim/commit/33f3965087b01dccf4382ed419d34799ffd66cd9
Author: zeertzjq <[email protected]>
Date:   Tue Apr 21 19:41:37 2026 +0000

    patch 9.2.0385: Integer overflow with "ze" and large 'sidescrolloff'
    
    Problem:  Integer overflow with "ze" and large 'sidescrolloff'.
    Solution: Check for overflow to avoid negative w_leftcol (zeertzjq).
    
    closes: #20026
    
    Signed-off-by: zeertzjq <[email protected]>
    Signed-off-by: Christian Brabandt <[email protected]>

diff --git a/src/move.c b/src/move.c
index 7e3be2726..943eb519f 100644
--- a/src/move.c
+++ b/src/move.c
@@ -1184,9 +1184,9 @@ curwin_col_off2(void)
 curs_columns(
     int                may_scroll)     // when TRUE, may scroll horizontally
 {
-    int                diff;
+    long       diff;
     int                extra;          // offset for first screen line
-    int                off_left, off_right;
+    long       off_left, off_right;
     int                n;
     int                p_lines;
     int                width1;         // text width for first screen line
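Review bot: Widening `diff`, `off_left` and `off_right` to `long` only removes the overflow where `long` is wider than `int`. On targets with a 32-bit `long` (64-bit Windows, most 32-bit builds), the expressions in the next hunk, `startcol - curwin->w_leftcol - siso` and `endcol - curwin->w_leftcol - (curwin->w_width - siso) + 1`, are still evaluated in 32 bits and can wrap with 'sidescrolloff' at 2147483647. The context line `(long)col + siso < n` in the nv_zet hunk of src/normal.c has the same dependence. The declarations of `siso`, `startcol` and `endcol` are outside the hunks, so this assumes `siso` is a `long`. A type that is 64 bits everywhere would make the fix portable, e.g. `long long off_left, off_right;` with `off_left = (long long)startcol - curwin->w_leftcol - siso;`.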
@@ -1306,13 +1306,12 @@ curs_columns(
 #endif
        /*
         * If Cursor is left of the screen, scroll rightwards.
-        * If Cursor is right of the screen, scroll leftwards
+        * If Cursor is right of the screen, scroll leftwards.
         * If we get closer to the edge than 'sidescrolloff', scroll a little
-        * extra
+        * extra.
         */
-       off_left = (int)startcol - (int)curwin->w_leftcol - siso;
-       off_right = (int)endcol - (int)(curwin->w_leftcol + curwin->w_width
-                                                               - siso) + 1;
+       off_left = startcol - curwin->w_leftcol - siso;
+       off_right = endcol - curwin->w_leftcol - (curwin->w_width - siso) + 1;
        if (off_left < 0 || off_right > 0)
        {
            if (off_left < 0)
@@ -1329,9 +1328,9 @@ curs_columns(
                if (diff < p_ss)
                    diff = p_ss;
                if (off_left < 0)
-                   new_leftcol = curwin->w_leftcol - diff;
+                   new_leftcol = curwin->w_leftcol - (int)diff;
                else
-                   new_leftcol = curwin->w_leftcol + diff;
+                   new_leftcol = curwin->w_leftcol + (int)diff;
            }
            if (new_leftcol < 0)
                new_leftcol = 0;
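Review bot: The `(int)diff` casts narrow a `long` that may just have been assigned from `p_ss` (`if (diff < p_ss) diff = p_ss;`), and `curwin->w_leftcol + (int)diff` is then added in `int`, so a large scroll step can still overflow before the `new_leftcol < 0` clamp runs. Signed overflow is undefined, and a result that wraps negative would be clamped to 0, which scrolls the wrong way. A saturating form like the one this patch uses in nv_zet avoids that: `new_leftcol = diff > INT_MAX - curwin->w_leftcol ? INT_MAX : curwin->w_leftcol + (int)diff;`. The bound placed on `diff` earlier in curs_columns and the type of `new_leftcol` are outside the hunk, so confirm whether `p_ss` can actually get that large.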
diff --git a/src/normal.c b/src/normal.c
index 2c46bf31f..b402aa81d 100644
--- a/src/normal.c
+++ b/src/normal.c
@@ -2791,8 +2791,10 @@ nv_zet(cmdarg_T *cap)
                    n = curwin->w_width - curwin_col_off();
                    if ((long)col + siso < n)
                        col = 0;
+                   else if (siso - n < INT_MAX - col)
+                       col = (int)(col + siso - n + 1);
                    else
-                       col = col + siso - n + 1;
+                       col = INT_MAX;
                    if (curwin->w_leftcol != col)
                    {
                        curwin->w_leftcol = col;
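Review bot: The new `else if` / `else` pair has no comment saying why `col` saturates, and the guard `siso - n < INT_MAX - col` is only safe while `col` is non-negative, which the hunk does not show. I would add `// Saturate at INT_MAX instead of wrapping: w_leftcol must never go negative.` above the `else if`, plus a short note that `col` is expected to be >= 0 here. nv_zet's body starts and ends outside the hunk, so how `col` is produced is not visible.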
diff --git a/src/testdir/test_normal.vim b/src/testdir/test_normal.vim
index 4f435610b..eea789123 100644
--- a/src/testdir/test_normal.vim
+++ b/src/testdir/test_normal.vim
@@ -1196,6 +1196,31 @@ func Test_normal17_z_scroll_hor2()
   bw!
 endfunc
 
+func Test_large_sidescrolloff_no_overflow()
+  10new
+  20vsp
+  setlocal nowrap sidescrolloff=2147483647
+  call setline(1, repeat('a', 40))
+
+  normal! $
+  redraw!
+  call assert_equal(29, winsaveview().leftcol)
+
+  normal! zs
+  redraw!
+  call assert_equal(29, winsaveview().leftcol)
+
+  normal! ze
+  redraw!
+  call assert_equal(29, winsaveview().leftcol)
+
+  normal! 0
+  redraw!
+  call assert_equal(0, winsaveview().leftcol)
+
+  bw!
+endfunc
+
 " Test for commands that scroll the window horizontally. Test with folds.
 "   H, M, L, CTRL-E, CTRL-Y, CTRL-U, CTRL-D, PageUp, PageDown commands
 func Test_vert_scroll_cmds()
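Review bot: Test_large_sidescrolloff_no_overflow only drives 'sidescrolloff' to 2147483647 and never sets 'sidescroll', so whether the `(int)diff` branches changed in curs_columns are reached depends on that option's default. Repeating the `$` / `ze` / `0` steps after `set sidescroll=1`, and restoring it with `set sidescroll&` before `bw!`, would pin that path. Asserting that `winsaveview().leftcol` is never negative there would also state the invariant the patch is protecting.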
diff --git a/src/version.c b/src/version.c
index 2a8b84404..aa38e1a35 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    385,
 /**/
     384,
 /**/
