From d068e821d60dc9d9ae606969010b087040b98b59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?=
Date: Sat, 23 Apr 2022 12:25:21 +0200
Subject: [PATCH] =?UTF-8?q?search:=20matches=5Fnext:=20don=E2=80=99t=20wra?=
 =?UTF-8?q?p=20around=20grid->num=5Frows?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When bumping the iter’s start.row, we’re working with view-local coordinates. That is, 0 >= row < term->rows. This means it is wrong to and with grid->num_rows - 1, because a), ‘row’ should **never** be that big. And b), if we do, we’ll just end up in an infinite loop, where the next call to matches_next() just starts over from the beginning again (and eventually hitting the exact same place that got us started).
---
 search.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/search.c b/search.c
index 330ea791..8f99fae7 100644
--- a/search.c
+++ b/search.c
@@ -580,10 +580,14 @@ search_matches_next(struct search_match_iterator *iter)
 if (iter->start.col >= term->cols) {
 iter->start.col = 0;
- iter->start.row++;
- iter->start.row &= grid->num_rows - 1;
+ iter->start.row++; /* Overflow is caught in next iteration */
 }
+ xassert(iter->start.row >= 0);
+ xassert(iter->start.row <= term->rows);
+ xassert(iter->start.col >= 0);
+ xassert(iter->start.col < term->cols);
+
 if (match.start.row == term->search.match.row && match.start.col == term->search.match.col) {
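Review bot: The new `xassert(iter->start.row <= term->rows)` deliberately admits row == term->rows (the one-past-the-end value the `/* Overflow is caught in next iteration */` comment refers to), while the commit message states the view-local invariant as 0 <= row < term->rows (it is written `0 >= row`, which reads as a typo) and the matching col assert is strict; a one-line note on that assert, e.g. `/* == term->rows is the overflow case; rejected at the top of the next iteration, never used as an index here */`, would explain why the two bounds differ. If `start.row`/`start.col` are unsigned, the two `>= 0` asserts are tautologies that -Wtype-limits will warn about, so the field types are worth checking before keeping them. If xassert is compiled out in release builds, these lines only document intent, and the real rejection of row == term->rows presumably lives outside this hunk. search_matches_next begins and ends outside the hunk.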