commit 5226801be26419f9a8277cbc35592cc2f0004d64
parent f3cfe9a94bd5413f32360eb3db9e786ba9df3286
Author: Sean Dewar <6256228+seandewar@users.noreply.github.com>
Date: Fri, 16 Jan 2026 00:17:59 +0000
fix(api): parse_expression crash with ident and curly
Problem: nvim_parse_expression null pointer dereference when parsing an
identifier followed by { with "highlight" parameter set to false.
Solution: only set opening_hl_idx if pstate->colors is not NULL.
Not added to parser_tests.lua as that uses highlight = true.
Diffstat:
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/nvim/viml/parser/expressions.c b/src/nvim/viml/parser/expressions.c
@@ -2636,7 +2636,9 @@ viml_pexpr_parse_figure_brace_closing_error:
ADD_IDENT(do {
NEW_NODE_WITH_CUR_POS(cur_node,
kExprNodeCurlyBracesIdentifier);
- cur_node->data.fig.opening_hl_idx = kv_size(*pstate->colors);
+ if (pstate->colors) {
+ cur_node->data.fig.opening_hl_idx = kv_size(*pstate->colors);
+ }
cur_node->data.fig.type_guesses.allow_lambda = false;
cur_node->data.fig.type_guesses.allow_dict = false;
cur_node->data.fig.type_guesses.allow_ident = true;
diff --git a/test/functional/api/vim_spec.lua b/test/functional/api/vim_spec.lua
@@ -3238,9 +3238,11 @@ describe('API', function()
end
end
- it('does not crash parsing invalid VimL expression #29648', function()
+ it('does not crash parsing invalid VimL expression', function()
api.nvim_input(':<C-r>=')
- api.nvim_input('1bork/')
+ api.nvim_input('1bork/') -- #29648
+ assert_alive()
+ api.nvim_parse_expression('a{b}', '', false)
assert_alive()
end)
