Commit: patch 9.1.1510: Search completion may use invalid memory
2 views
Skip to first unread message
Christian Brabandt
Jul 5, 2025, 9:45:19 AM7/5/25
to vim...@googlegroups.com
patch 9.1.1510: Search completion may use invalid memory
Commit: https://github.com/vim/vim/commit/5e34eec6f83222b1aa55c19d5f8f657d76d39121
Author: zeertzjq <zeer...@outlook.com>
Date: Sat Jul 5 15:37:17 2025 +0200
patch 9.1.1510: Search completion may use invalid memory
Problem: Search completion may use invalid memory (after 9.1.1490).
Solution: Don't get two line pointers at the same time (zeertzjq).
closes: #17661
Signed-off-by: zeertzjq <zeer...@outlook.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/cmdexpand.c b/src/cmdexpand.c
index b1c9ed67a..5fa631c22 100644
--- a/src/cmdexpand.c
+++ b/src/cmdexpand.c
@@ -4638,14 +4638,11 @@ copy_substring_from_pos(pos_T *start, pos_T *end, char_u **match,
|| (start->lnum == end->lnum && start->col >= end->col))
return FAIL; // invalid range
- // Get line pointers
- start_line = ml_get(start->lnum);
- end_line = ml_get(end->lnum);
-
// Use a growable string (ga)
ga_init2(&ga, 1, 128);
// Append start line from start->col to end
+ start_line = ml_get(start->lnum);
char_u *start_ptr = start_line + start->col;
int is_single_line = start->lnum == end->lnum;
@@ -4672,6 +4669,7 @@ copy_substring_from_pos(pos_T *start, pos_T *end, char_u **match,
}
// Append partial end line (up to word end)
+ end_line = ml_get(end->lnum);
word_end = find_word_end(end_line + end->col);
segment_len = (int)(word_end - end_line);
if (ga_grow(&ga, segment_len) != OK)
diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
index 844f58945..f9533fa02 100644
--- a/src/testdir/test_cmdline.vim
+++ b/src/testdir/test_cmdline.vim
@@ -4504,6 +4504,7 @@ func Test_search_wildmenu_screendump()
CheckScreendump
let lines =<< trim [SCRIPT]
+ call test_override('alloc_lines', 1)
set wildmenu wildcharm=<f5>
call setline(1, ['the', 'these', 'the', 'foobar', 'thethe', 'thethere'])
[SCRIPT]
diff --git a/src/version.c b/src/version.c
index 3f0b6610c..4175c62e8 100644
--- a/src/version.c
+++ b/src/version.c
@@ -719,6 +719,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1510,
/**/
1509,
/**/
Commit: https://github.com/vim/vim/commit/5e34eec6f83222b1aa55c19d5f8f657d76d39121
Author: zeertzjq <zeer...@outlook.com>
Date: Sat Jul 5 15:37:17 2025 +0200
patch 9.1.1510: Search completion may use invalid memory
Problem: Search completion may use invalid memory (after 9.1.1490).
Solution: Don't get two line pointers at the same time (zeertzjq).
closes: #17661
Signed-off-by: zeertzjq <zeer...@outlook.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/cmdexpand.c b/src/cmdexpand.c
index b1c9ed67a..5fa631c22 100644
--- a/src/cmdexpand.c
+++ b/src/cmdexpand.c
@@ -4638,14 +4638,11 @@ copy_substring_from_pos(pos_T *start, pos_T *end, char_u **match,
|| (start->lnum == end->lnum && start->col >= end->col))
return FAIL; // invalid range
- // Get line pointers
- start_line = ml_get(start->lnum);
- end_line = ml_get(end->lnum);
-
// Use a growable string (ga)
ga_init2(&ga, 1, 128);
// Append start line from start->col to end
+ start_line = ml_get(start->lnum);
char_u *start_ptr = start_line + start->col;
int is_single_line = start->lnum == end->lnum;
@@ -4672,6 +4669,7 @@ copy_substring_from_pos(pos_T *start, pos_T *end, char_u **match,
}
// Append partial end line (up to word end)
+ end_line = ml_get(end->lnum);
word_end = find_word_end(end_line + end->col);
segment_len = (int)(word_end - end_line);
if (ga_grow(&ga, segment_len) != OK)
diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
index 844f58945..f9533fa02 100644
--- a/src/testdir/test_cmdline.vim
+++ b/src/testdir/test_cmdline.vim
@@ -4504,6 +4504,7 @@ func Test_search_wildmenu_screendump()
CheckScreendump
let lines =<< trim [SCRIPT]
+ call test_override('alloc_lines', 1)
set wildmenu wildcharm=<f5>
call setline(1, ['the', 'these', 'the', 'foobar', 'thethe', 'thethere'])
[SCRIPT]
diff --git a/src/version.c b/src/version.c
index 3f0b6610c..4175c62e8 100644
--- a/src/version.c
+++ b/src/version.c
@@ -719,6 +719,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1510,
/**/
1509,
/**/
Reply all
Reply to author
Forward
0 new messages