vim-patch:8.0.1468: illegal memory access in del_bytes()

Problem:    Illegal memory access in del_bytes().
Solution:   Check for negative byte count. (Christian Brabandt, closes vim/vim#2466)
191f18bad0

src/nvim/message.c

@@ -610,7 +610,7 @@ static bool emsgfv(const char *fmt, va_list ap)
 /// detected when fuzzing vim.
 void iemsg(const char *s)
 {
-    msg((char_u *)s);
+    emsg((char_u *)s);
 #ifdef ABORT_ON_INTERNAL_ERROR
     abort();
 #endif

src/nvim/misc1.c

@@ -1605,11 +1605,19 @@ int del_bytes(colnr_T count, bool fixpos_arg, bool use_delcombine)
   char_u *oldp = ml_get(lnum);
   colnr_T oldlen = (colnr_T)STRLEN(oldp);
 
-  /*
+  // Can't do anything when the cursor is on the NUL after the line.
-   * Can't do anything when the cursor is on the NUL after the line.
+  if (col >= oldlen) {
-   */
-  if (col >= oldlen)
     return FAIL;
+  }
+  // If "count" is zero there is nothing to do.
+  if (count == 0) {
+    return OK;
+  }
+  // If "count" is negative the caller must be doing something wrong.
+  if (count < 1) {
+    IEMSGN("E950: Invalid count for del_bytes(): %ld", count);
+    return FAIL;
+  }
 
   /* If 'delcombine' is set and deleting (less than) one character, only
    * delete the last combining character. */

src/nvim/strings.c

@@ -1217,6 +1217,7 @@ int vim_vsnprintf(char *str, size_t str_m, const char *fmt, va_list ap,
               str_arg_l = 3;
               zero_padding = 0;
             } else {
+              // Regular float number
               format[0] = '%';
               size_t l = 1;
               if (force_sign) {
@@ -1241,7 +1242,6 @@ int vim_vsnprintf(char *str, size_t str_m, const char *fmt, va_list ap,
               format[l] = (char)(fmt_spec == 'F' ? 'f' : fmt_spec);
               format[l + 1] = NUL;
 
-              // Regular float number
               str_arg_l = (size_t)snprintf(tmp, sizeof(tmp), format, f);
               assert(str_arg_l < sizeof(tmp));