patch 9.1.1751: potential buffer-overflow in find_pattern_in_path()
Commit:
https://github.com/vim/vim/commit/21ecb0d2e2888ded9da04c4f47758cec99063822
Author: Christian Brabandt <[email protected]>
Date: Wed Sep 10 04:09:23 2025 -0400
patch 9.1.1751: potential buffer-overflow in find_pattern_in_path()
Problem: potential buffer-overflow in find_pattern_in_path()
Problem: Verify ptr p has enough room before adding ins_compl_len()
fixes: #18195
closes: #18249
Signed-off-by: Christian Brabandt <[email protected]>
diff --git a/src/search.c b/src/search.c
index 677d1735a..bd607fb4b 100644
--- a/src/search.c
+++ b/src/search.c
@@ -3795,7 +3795,7 @@ search_line:
break;
found = TRUE;
aux = p = startp;
- if (compl_status_adding())
+ if (compl_status_adding() && (int)STRLEN(p) >= ins_compl_len())
{
p += ins_compl_len();
if (vim_iswordp(p))
diff --git a/src/version.c b/src/version.c
index c741108d9..c74490c3e 100644
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1751,
/**/
1750,
/**/
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/vim_dev/E1uwFyt-00FC0Q-MO%40256bit.org.
