From df0b9e7a5dc8421bddfda1f08b22052a76d34e9f Mon Sep 17 00:00:00 2001
From: zeertzjq <zeertzjq@outlook.com>
Date: Thu, 2 Oct 2025 12:10:28 +0800
Subject: [PATCH] vim-patch:9.1.1818: possible crash when calculating topline
 in diff.c

Problem:  possible crash when calculating topline in diff.c
          (youngmith)
Solution: Check for pointer being Null before accessing it

fixes: vim/vim#18437

https://github.com/vim/vim/commit/d32b3bb7ebe29f856a054cfd552c68afabd065c3

The POC is likely not applicable to Nvim due to #32160.

Co-authored-by: Christian Brabandt <cb@256bit.org>
---
 src/nvim/diff.c                 |  2 +-
 test/old/testdir/test_crash.vim | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/nvim/diff.c b/src/nvim/diff.c
index 5a52d37577..1188b72821 100644
--- a/src/nvim/diff.c
+++ b/src/nvim/diff.c
@@ -2052,7 +2052,7 @@ static void calculate_topfill_and_topline(const int fromidx, const int toidx, co
 
   // move the same amount of virtual lines in the target buffer to find the
   // cursor's line number
-  int curlinenum_to = thistopdiff->df_lnum[toidx];
+  int curlinenum_to = thistopdiff != NULL ? thistopdiff->df_lnum[toidx] : 1;
 
   int virt_lines_left = virtual_lines_passed;
   curdif = thistopdiff;
diff --git a/test/old/testdir/test_crash.vim b/test/old/testdir/test_crash.vim
index b8fc55bb2d..88713894d1 100644
--- a/test/old/testdir/test_crash.vim
+++ b/test/old/testdir/test_crash.vim
@@ -144,6 +144,28 @@ func Test_crash1_2()
   call s:RunCommandAndWait(buf, args ..
     \ ' ; echo "crash 5: [OK]" >> '.. result)
 
+  let file = 'Xdiff'
+  let lines =<< trim END
+    diffs a
+    edit Xdiff
+    file b
+    exe "norm! \<C-w>\<C-w>"
+    exe "norm! \<C-w>\<C-w>"
+    exe "norm! \<C-w>\<C-w>"
+    exe "norm! \<C-w>\<C-w>"
+    exe "norm! \<C-w>\<C-w>"
+    exe "norm! \<C-w>\L"
+    exe "norm! \<C-j>oy\<C-j>"
+    edit Xdiff
+    sil!so
+  END
+  call writefile(lines, file, 'D')
+  let cmn_args = "%s -u NONE -i NONE -X -m -n -e -s -u %s -c ':qa!'"
+  let args = printf(cmn_args, vim, file)
+  call s:RunCommandAndWait(buf, args ..
+    \ ' && echo "crash 6: [OK]" >> '.. result)
+
+
   " clean up
   exe buf .. "bw!"
   exe "sp " .. result
@@ -153,6 +175,7 @@ func Test_crash1_2()
       \ 'crash 3: [OK]',
       \ 'crash 4: [OK]',
       \ 'crash 5: [OK]',
+      \ 'crash 6: [OK]',
       \ ]
 
   call assert_equal(expected, getline(1, '$'))