neovim

Neovim text editor
git clone https://git.dasho.dev/neovim.git
Log | Files | Refs | README
commit 5d1f0c3eca9675bfdeb75402ec3340d05cc34732
parent c366a63e4cdd97fc2818be348186a18e1b6eb8df
Author: zeertzjq <zeertzjq@outlook.com>
Date:   Wed, 24 Aug 2022 21:40:14 +0800

vim-patch:9.0.0046: reading past end of completion with duplicate match

Problem:    Reading past end of completion with duplicate match.
Solution:   Check string length
https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92

Diffstat:

Msrc/nvim/insexpand.c | 2+-


Msrc/nvim/testdir/test_ins_complete.vim | 10++++++++++


2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/nvim/insexpand.c b/src/nvim/insexpand.c
@@ -709,7 +709,7 @@ static int ins_compl_add(char_u *const str, int len, char_u *const fname,
     do {
       if (!match_at_original_text(match)
           && STRNCMP(match->cp_str, str, len) == 0
-          && match->cp_str[len] == NUL) {
+          && ((int)STRLEN(match->cp_str) <= len || match->cp_str[len] == NUL)) {
         FREE_CPTEXT(cptext, cptext_allocated);
         return NOTDONE;
       }
diff --git a/src/nvim/testdir/test_ins_complete.vim b/src/nvim/testdir/test_ins_complete.vim
@@ -969,5 +969,15 @@ func Test_infercase_very_long_line()
   set noic noinfercase
 endfunc
 
+func Test_ins_complete_add()
+  " this was reading past the end of allocated memory
+  new
+  norm o
+  norm 7o€€
+  sil! norm o
+
+  bwipe!
+endfunc
+
 
 " vim: shiftwidth=2 sts=2 expandtab