commit 11b369925287a7706e8d6cab759263ef9192c5f3
parent 50423942418bbf6019fdd30d7d8779ddcaee2b2d
Author: zeertzjq <zeertzjq@outlook.com>
Date: Thu, 15 Jan 2026 13:53:39 +0800
vim-patch:9.1.0700: crash with 2byte encoding and glob2regpat()
Problem: possible crash with 2byte encoding and glob2regpat()
Solution: Skip over character, if it is multi-byte character
https://github.com/vim/vim/commit/1c815b54bbaf872c271d58043e51e56b908c1a20
Co-authored-by: Christian Brabandt <cb@256bit.org>
Diffstat:
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/nvim/fileio.c b/src/nvim/fileio.c
@@ -3754,7 +3754,6 @@ char *file_pat_to_reg_pat(const char *pat, const char *pat_end, char *allow_dirs
*allow_dirs = true;
}
reg_pat[i++] = '\\';
- reg_pat[i++] = *p;
}
break;
#ifdef BACKSLASH_IN_FILENAME
diff --git a/test/old/testdir/crash/heap_overflow_glob2regpat b/test/old/testdir/crash/heap_overflow_glob2regpat
Binary files differ.
diff --git a/test/old/testdir/test_crash.vim b/test/old/testdir/test_crash.vim
@@ -226,6 +226,12 @@ func Test_crash1_3()
call term_sendkeys(buf, args)
call TermWait(buf, 150)
+ let file = 'crash/heap_overflow_glob2regpat'
+ let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+ let args = printf(cmn_args, vim, file)
+ call term_sendkeys(buf, args)
+ call TermWait(buf, 50)
+
" clean up
exe buf .. "bw!"
