From ac45f314547ed9904ddc387157d3f4ba0c5fe1d2 Mon Sep 17 00:00:00 2001
From: Eli Zaretskii <eliz@gnu.org>
Date: Wed, 24 Feb 2021 17:55:28 +0200
Subject: [PATCH] Fix dangerous code in xdisp.c

* src/xdisp.c (move_it_to, display_line): Make sure ZV_BYTE is
greater than 1 before fetching previous byte.
---
 src/xdisp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/xdisp.c b/src/xdisp.c
index cd3455aefcf..cc0a689ba32 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -10052,7 +10052,7 @@ move_it_to (struct it *it, ptrdiff_t to_charpos, int to_x, int to_y, int to_vpos
 	      && (IT_CHARPOS (*it) > to_charpos
 		  || (IT_CHARPOS (*it) == to_charpos
 		      && to_charpos == ZV
-		      && FETCH_BYTE (ZV_BYTE - 1) != '\n')))
+		      && (ZV_BYTE <= 1 || FETCH_BYTE (ZV_BYTE - 1) != '\n'))))
 	    {
 	      reached = 9;
 	      goto out;
@@ -24118,7 +24118,8 @@ display_line (struct it *it, int cursor_vpos)
 	     the logical order.  */
 	  if (IT_BYTEPOS (*it) > BEG_BYTE)
 	    row->ends_at_zv_p =
-	      IT_BYTEPOS (*it) >= ZV_BYTE && FETCH_BYTE (ZV_BYTE - 1) != '\n';
+	      IT_BYTEPOS (*it) >= ZV_BYTE
+	      && (ZV_BYTE <= 1 || FETCH_BYTE (ZV_BYTE - 1) != '\n');
 	  else
 	    row->ends_at_zv_p = false;
 	  break;
-- 
2.39.2