mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-27 21:48:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(api): nvim_buf_get_text() crashes with large negative column #28740

Browse Source 
Problem:
crash when calling nvim_buf_get_text() with a large negative start_col:

    call nvim_buf_get_text(0, 0, -123456789, 0, 0, {})

Solution:
clamp start_col after subtracting it from the line length.
This commit is contained in:
vanaigr
2024-09-03 08:01:42 -05:00
committed by GitHub
parent ceddaedfad
commit d1d7d54680
2 changed files with 7 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/nvim/api/private/helpers.c
View File

@@ -528,21 +528,15 @@ String buf_get_text(buf_T *buf, int64_t lnum, int64_t start_col, int64_t end_col
start_col = start_col < 0 ? line_length + start_col + 1 : start_col;
end_col = end_col < 0 ? line_length + end_col + 1 : end_col;
if (start_col >= MAXCOL || end_col >= MAXCOL) {
api_set_error(err, kErrorTypeValidation, "Column index is too high");
return rv;
}
start_col = MIN(MAX(0, start_col), line_length);
end_col = MIN(MAX(0, end_col), line_length);
if (start_col > end_col) {
api_set_error(err, kErrorTypeValidation, "start_col must be less than end_col");
api_set_error(err, kErrorTypeValidation, "start_col must be less than or equal to end_col");
return rv;
}
if (start_col >= line_length) {
return rv;
}
return cstrn_as_string(&bufstr[start_col], (size_t)(end_col - start_col));
return cbuf_as_string(bufstr + start_col, (size_t)(end_col - start_col));
}
void api_free_string(String value)