commit 46727a7feb154eb3d4e898a44a6ae5d3f16f4398
parent 9a44bbd57410a420b676fdeea6e57290d6298adf
Author: zeertzjq <zeertzjq@outlook.com>
Date: Sat, 5 Jul 2025 21:40:46 +0800
vim-patch:9.1.1510: Search completion may use invalid memory
Problem: Search completion may use invalid memory (after 9.1.1490).
Solution: Don't get two line pointers at the same time (zeertzjq).
closes: vim/vim#17661
https://github.com/vim/vim/commit/5e34eec6f83222b1aa55c19d5f8f657d76d39121
Diffstat:
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/nvim/cmdexpand.c b/src/nvim/cmdexpand.c
@@ -3875,15 +3875,13 @@ static int copy_substring_from_pos(pos_T *start, pos_T *end, char **match, pos_T
|| (start->lnum == end->lnum && start->col >= end->col)) {
return FAIL; // invalid range
}
- // Get line pointers
- char *start_line = ml_get(start->lnum);
- char *end_line = ml_get(end->lnum);
// Use a growable string (ga)
garray_T ga;
ga_init(&ga, 1, 128);
// Append start line from start->col to end
+ char *start_line = ml_get(start->lnum);
char *start_ptr = start_line + start->col;
bool is_single_line = start->lnum == end->lnum;
@@ -3906,6 +3904,7 @@ static int copy_substring_from_pos(pos_T *start, pos_T *end, char **match, pos_T
}
// Append partial end line (up to word end)
+ char *end_line = ml_get(end->lnum);
char *word_end = find_word_end(end_line + end->col);
segment_len = (int)(word_end - end_line);
ga_grow(&ga, segment_len);
diff --git a/test/old/testdir/test_cmdline.vim b/test/old/testdir/test_cmdline.vim
@@ -4503,6 +4503,7 @@ func Test_search_wildmenu_screendump()
CheckScreendump
let lines =<< trim [SCRIPT]
+ call test_override('alloc_lines', 1)
set wildmenu wildcharm=<f5>
call setline(1, ['the', 'these', 'the', 'foobar', 'thethe', 'thethere'])
[SCRIPT]
