From 1c864093f93b0066de25d6c0ddf03a6bc6b1c870 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 6 Aug 2017 18:15:45 +0200
Subject: patch 8.0.0883: invalid memory access with nonsensical script

Problem:    Invalid memory access with nonsensical script.
Solution:   Check "dstlen" being positive. (Dominique Pelle)
---
 src/misc1.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'src/misc1.c')

diff --git a/src/misc1.c b/src/misc1.c
index 4e51bed25..5f8b092c0 100644
--- a/src/misc1.c
+++ b/src/misc1.c
@@ -4180,13 +4180,18 @@ expand_env_esc(
 	    }
 	    else if ((src[0] == ' ' || src[0] == ',') && !one)
 		at_start = TRUE;
-	    *dst++ = *src++;
-	    --dstlen;
+	    if (dstlen > 0)
+	    {
+		*dst++ = *src++;
+		--dstlen;
 
-	    if (startstr != NULL && src - startstr_len >= srcp
-		    && STRNCMP(src - startstr_len, startstr, startstr_len) == 0)
-		at_start = TRUE;
+		if (startstr != NULL && src - startstr_len >= srcp
+			&& STRNCMP(src - startstr_len, startstr,
+							    startstr_len) == 0)
+		    at_start = TRUE;
+	    }
 	}
+
     }
     *dst = NUL;
 }
-- 
cgit v1.2.1