commit 405c6c9bb03fbb270284937f95fb9cf14f4c40dd
parent 50423942418bbf6019fdd30d7d8779ddcaee2b2d
Author: zeertzjq <zeertzjq@outlook.com>
Date: Thu, 15 Jan 2026 14:51:13 +0800
Merge pull request #37403 from zeertzjq/vim-9.1.0700
vim-patch:9.1.{0700,0701,0702,0703}
Diffstat:
4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/nvim/regexp.c b/src/nvim/regexp.c
@@ -14799,7 +14799,8 @@ static int nfa_regmatch(nfa_regprog_T *prog, nfa_state_T *start, regsubs_T *subm
result = FAIL;
}
- if (t->state->out->out1->c == NFA_END_COMPOSING) {
+ if (t->state->out->out1 != NULL
+ && t->state->out->out1->c == NFA_END_COMPOSING) {
end = t->state->out->out1;
ADD_STATE_IF_MATCH(end);
}
diff --git a/test/old/testdir/crash/heap_overflow_glob2regpat b/test/old/testdir/crash/heap_overflow_glob2regpat
Binary files differ.
diff --git a/test/old/testdir/crash/nullptr_regexp_nfa b/test/old/testdir/crash/nullptr_regexp_nfa
Binary files differ.
diff --git a/test/old/testdir/test_crash.vim b/test/old/testdir/test_crash.vim
@@ -226,6 +226,17 @@ func Test_crash1_3()
call term_sendkeys(buf, args)
call TermWait(buf, 150)
+ let file = 'crash/heap_overflow_glob2regpat'
+ let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+ let args = printf(cmn_args, vim, file)
+ call term_sendkeys(buf, args)
+ call TermWait(buf, 50)
+
+ let file = 'crash/nullptr_regexp_nfa'
+ let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+ let args = printf(cmn_args, vim, file)
+ call term_sendkeys(buf, args)
+ call TermWait(buf, 50)
" clean up
exe buf .. "bw!"
