neovim

Neovim text editor
git clone https://git.dasho.dev/neovim.git
Log | Files | Refs | README
commit e084a99040dbfae5bc71bc2f5ea9b9933ce7b61c
parent 014c3bad8adb0eb7cd2b5af8e36ba869f5b314b2
Author: zeertzjq <zeertzjq@outlook.com>
Date:   Wed, 10 Sep 2025 17:39:18 +0800

vim-patch:9.1.1751: potential buffer-overflow in find_pattern_in_path() (#35705)

Problem:  potential buffer-overflow in find_pattern_in_path()
Problem:  Verify ptr p has enough room before adding ins_compl_len()

fixes: vim/vim#18195
closes: vim/vim#18249

https://github.com/vim/vim/commit/21ecb0d2e2888ded9da04c4f47758cec99063822

Co-authored-by: Christian Brabandt <cb@256bit.org>
Diffstat:

Msrc/nvim/search.c | 2+-


1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/nvim/search.c b/src/nvim/search.c
@@ -3253,7 +3253,7 @@ search_line:
         }
         found = true;
         char *aux = p = startp;
-        if (compl_status_adding()) {
+        if (compl_status_adding() && (int)strlen(p) >= ins_compl_len()) {
           p += ins_compl_len();
           if (vim_iswordp(p)) {
             goto exit_matched;