Fix invalid access of display line end
When a line only contains non-range atoms we can end-up accessing past the end atom. Add a test that shows the issue when run with valgrind, it is unfortunately quite hard to trigger a crash because the invalidly accessed byte usually leads to the correct code path being taken (when != DisplayAtom::Range) so we have only 1 in 255 chance of triggerring a crash. Fixes #4927
This commit is contained in:
parent
e58592f00a
commit
d43268fbeb
|
@ -1820,7 +1820,7 @@ struct ForwardHighlighterApplier
|
||||||
{
|
{
|
||||||
auto& line = *cur_line;
|
auto& line = *cur_line;
|
||||||
auto first = std::find_if(cur_atom, line.end(), [&](auto&& atom) { return atom.has_buffer_range() and atom.end() > begin; });
|
auto first = std::find_if(cur_atom, line.end(), [&](auto&& atom) { return atom.has_buffer_range() and atom.end() > begin; });
|
||||||
if (first->type() == DisplayAtom::Range and first->begin() < begin)
|
if (first != line.end() and first->type() == DisplayAtom::Range and first->begin() < begin)
|
||||||
first = ++line.split(first, begin);
|
first = ++line.split(first, begin);
|
||||||
auto idx = first - line.begin();
|
auto idx = first - line.begin();
|
||||||
|
|
||||||
|
|
1
test/regression/4927-crash-jumping-to-eol/cmd
Normal file
1
test/regression/4927-crash-jumping-to-eol/cmd
Normal file
|
@ -0,0 +1 @@
|
||||||
|
<a-l>
|
4
test/regression/4927-crash-jumping-to-eol/in
Normal file
4
test/regression/4927-crash-jumping-to-eol/in
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||||
|
|
||||||
|
|
||||||
|
|
3
test/regression/4927-crash-jumping-to-eol/rc
Normal file
3
test/regression/4927-crash-jumping-to-eol/rc
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
add-highlighter global/ column 60 red
|
||||||
|
add-highlighter buffer/regions regions
|
||||||
|
add-highlighter buffer/regions/ default-region fill green
|
Loading…
Reference in New Issue
Block a user