Fix illegal memory access when using expressions in the command line.

author: Bram Moolenaar <bram@vim.org> 2010-08-13 16:51:26 +0200
committer: Bram Moolenaar <bram@vim.org> 2010-08-13 16:51:26 +0200
commit: ac261fca96bf55797cc153c3c1eeed913bad3065 (patch)
tree: 72229839745de9c68449728ee436566429e751eb
parent: 58c1bcec65845bcf9bca59c1fe8508e58e18b2bc (diff)
download: vim-ac261fca96bf55797cc153c3c1eeed913bad3065.tar.gz
2 files changed, 4 insertions, 3 deletions
diff --git a/runtime/doc/todo.txt b/runtime/doc/todo.txt
index 56faa684..dbb5be73 100644
--- a/runtime/doc/todo.txt
+++ b/runtime/doc/todo.txt
@@ -30,8 +30,6 @@ be worked on, but only if you sponsor Vim development.  See |sponsor|.
 							*known-bugs*
 -------------------- Known bugs and current work -----------------------
 
-Patch for crash with cmdline editing functions. (Dominique Pelle, 2010 Aug 12)
-
 Have a close look at :find completion, anything that could be wrong?
 
 Test 73 fails on MS-Windows when compiled with DJGPP and run twice.  How to
diff --git a/src/ex_getln.c b/src/ex_getln.c
index d2925535..1cf67854 100644
--- a/src/ex_getln.c
+++ b/src/ex_getln.c
@@ -2527,7 +2527,10 @@ realloc_cmdbuff(len)
 	ccline.cmdbuff = p;		/* keep the old one */
 	return FAIL;
     }
-    mch_memmove(ccline.cmdbuff, p, (size_t)ccline.cmdlen + 1);
+    /* There isn't always a NUL after the command, but it may need to be
+     * there, thus copy up to the NUL and add a NUL. */
+    mch_memmove(ccline.cmdbuff, p, (size_t)ccline.cmdlen);
+    ccline.cmdbuff[ccline.cmdlen] = NUL;
     vim_free(p);
 
     if (ccline.xpc != NULL
author	Bram Moolenaar <bram@vim.org>	2010-08-13 16:51:26 +0200
committer	Bram Moolenaar <bram@vim.org>	2010-08-13 16:51:26 +0200
commit	ac261fca96bf55797cc153c3c1eeed913bad3065 (patch)
tree	72229839745de9c68449728ee436566429e751eb
parent	58c1bcec65845bcf9bca59c1fe8508e58e18b2bc (diff)
download	vim-ac261fca96bf55797cc153c3c1eeed913bad3065.tar.gz