commit 30293575204bc6b1cdc8a7e06af2710921d46da2
parent c17caca9b7a5e11c1262a0d8409075d9168980d3
Author: zeertzjq <zeertzjq@outlook.com>
Date: Sat, 22 Feb 2025 07:32:40 +0800
vim-patch:9.1.1131: potential out-of-memory issue in search.c
Problem: potential out-of-memory issue in search.c
Solution: improve situation and refactor search.c slightly
(John Marriott)
- In function update_search_stat():
add a check for a theoretical null pointer reference, set and remember
the length of lastpat, remove the three calls to STRLEN() and use the
various string's associated lengths instead, add a check for an
out-of-memory condition.
- In function search_for_fuzz_match():
remove a call to strnsave() and thus avoid having to add a check for
an out-of-memory condition, also replace the call to STRLEN() by
ml_get_buf_len().
closes: vim/vim#16689
https://github.com/vim/vim/commit/b79fa3d9c8a08f15267797511d779e33bd33e68e
Co-authored-by: John Marriott <basilisk@internode.on.net>
Diffstat:
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/nvim/search.c b/src/nvim/search.c
@@ -3684,8 +3684,6 @@ bool search_for_fuzzy_match(buf_T *buf, pos_T *pos, char *pattern, int dir, pos_
pos_T circly_end;
bool found_new_match = false;
bool looped_around = false;
- char *next_word_end = NULL;
- char *match_word = NULL;
if (whole_line) {
current_pos.lnum += dir;
@@ -3718,9 +3716,8 @@ bool search_for_fuzzy_match(buf_T *buf, pos_T *pos, char *pattern, int dir, pos_
found_new_match = fuzzy_match_str_in_line(ptr, pattern, len, ¤t_pos);
if (found_new_match) {
if (ctrl_x_mode_normal()) {
- match_word = xstrnsave(*ptr, (size_t)(*len));
- if (strcmp(match_word, pattern) == 0) {
- next_word_end = find_word_start(*ptr + *len);
+ if (strncmp(*ptr, pattern, (size_t)(*len)) == 0 && pattern[*len] == NUL) {
+ char *next_word_end = find_word_start(*ptr + *len);
if (*next_word_end != NUL && *next_word_end != NL) {
// Find end of the word.
while (*next_word_end != NUL) {
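Review bot: The in-bounds read of `pattern[*len]` on the new `if` line depends on `&&` evaluation order and deserves a comment, since reordering the operands or copying the idiom elsewhere would turn it into an over-read. `strncmp` returning 0 means the first `*len` bytes of `*ptr` and `pattern` agree, and as long as `*len` (from `fuzzy_match_str_in_line`, not visible here) never spans a NUL in `*ptr`, that guarantees `pattern` has at least `*len` non-NUL bytes, so index `*len` is at most the terminator. I would add above the condition: `// strncmp first: a zero result means pattern has >= *len non-NUL bytes, so pattern[*len] is in bounds.` The enclosing function search_for_fuzzy_match starts before and ends after this hunk.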
@@ -3736,7 +3733,6 @@ bool search_for_fuzzy_match(buf_T *buf, pos_T *pos, char *pattern, int dir, pos_
*len = (int)(next_word_end - *ptr);
current_pos.col = *len;
}
- xfree(match_word);
}
*pos = current_pos;
break;
@@ -3747,7 +3743,7 @@ bool search_for_fuzzy_match(buf_T *buf, pos_T *pos, char *pattern, int dir, pos_
if (fuzzy_match_str(*ptr, pattern) > 0) {
found_new_match = true;
*pos = current_pos;
- *len = (int)strlen(*ptr);
+ *len = ml_get_buf_len(buf, current_pos.lnum);
break;
}
}
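Review bot: The new `*len = ml_get_buf_len(buf, current_pos.lnum);` is only equivalent to the old `strlen(*ptr)` if `*ptr` still points at the first byte of line `current_pos.lnum`; that assignment is above this hunk and cannot be confirmed from it, and if `*ptr` were ever advanced first the new length would overshoot the remaining text. A one-line comment would pin the assumption for the next reader: `// *ptr is the whole line here, so the buffer's stored line length equals strlen(*ptr).` The enclosing function search_for_fuzzy_match starts before this hunk and its end is not visible.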