patch 9.1.1823: diff: w_topline may be invalidated

Problem:  diff: w_topline may be invalidated
Solution: Update lnum in diff_set_topline()
          (Yee Cheng Chin).

This can happen in ex_diffupdate() for certain edge cases which cause
the logic to now be wrong. This was also the root cause for #18437 where
Vim would crash due to a null pointer dereferencing (said pointer would
not be null under normal circumstances).

related: #18437
closes: #18484

Signed-off-by: Yee Cheng Chin <ychin.git@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Yee Cheng Chin
2025-10-04 10:26:55 +00:00
committed by Christian Brabandt
parent ae3a8664b3
commit dd9ed46a39
2 changed files with 5 additions and 2 deletions

View File

@ -2254,7 +2254,7 @@ calculate_topfill_and_topline(
// move the same amount of virtual lines in the target buffer to find the // move the same amount of virtual lines in the target buffer to find the
// cursor's line number // cursor's line number
if (thistopdiff != NULL) if (thistopdiff != NULL) // this should not be null, but just for safety
curlinenum_to = thistopdiff->df_lnum[toidx]; curlinenum_to = thistopdiff->df_lnum[toidx];
int virt_lines_left = virtual_lines_passed; int virt_lines_left = virtual_lines_passed;
@ -2681,7 +2681,7 @@ diff_check_fill(win_T *wp, linenr_T lnum)
diff_set_topline(win_T *fromwin, win_T *towin) diff_set_topline(win_T *fromwin, win_T *towin)
{ {
buf_T *frombuf = fromwin->w_buffer; buf_T *frombuf = fromwin->w_buffer;
linenr_T lnum = fromwin->w_topline; linenr_T lnum;
int fromidx; int fromidx;
int toidx; int toidx;
diff_T *dp; diff_T *dp;
@ -2693,6 +2693,7 @@ diff_set_topline(win_T *fromwin, win_T *towin)
if (curtab->tp_diff_invalid) if (curtab->tp_diff_invalid)
ex_diffupdate(NULL); // update after a big change ex_diffupdate(NULL); // update after a big change
lnum = fromwin->w_topline;
towin->w_topfill = 0; towin->w_topfill = 0;
// search for a change that includes "lnum" in the list of diffblocks. // search for a change that includes "lnum" in the list of diffblocks.

View File

@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1823,
/**/ /**/
1822, 1822,
/**/ /**/