Commit: patch 9.1.1751: potential buffer-overflow in find_pattern_in_path()
0 views
Skip to first unread message
Christian Brabandt
Sep 10, 2025, 4:15:17 AM (2 days ago) Sep 10
to vim...@googlegroups.com
patch 9.1.1751: potential buffer-overflow in find_pattern_in_path()
Commit: https://github.com/vim/vim/commit/21ecb0d2e2888ded9da04c4f47758cec99063822
Author: Christian Brabandt <c...@256bit.org>
Date: Wed Sep 10 04:09:23 2025 -0400
patch 9.1.1751: potential buffer-overflow in find_pattern_in_path()
Problem: potential buffer-overflow in find_pattern_in_path()
Problem: Verify ptr p has enough room before adding ins_compl_len()
fixes: #18195
closes: #18249
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/search.c b/src/search.c
index 677d1735a..bd607fb4b 100644
--- a/src/search.c
+++ b/src/search.c
@@ -3795,7 +3795,7 @@ search_line:
break;
found = TRUE;
aux = p = startp;
- if (compl_status_adding())
+ if (compl_status_adding() && (int)STRLEN(p) >= ins_compl_len())
{
p += ins_compl_len();
if (vim_iswordp(p))
diff --git a/src/version.c b/src/version.c
index c741108d9..c74490c3e 100644
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1751,
/**/
1750,
/**/
Commit: https://github.com/vim/vim/commit/21ecb0d2e2888ded9da04c4f47758cec99063822
Author: Christian Brabandt <c...@256bit.org>
Date: Wed Sep 10 04:09:23 2025 -0400
patch 9.1.1751: potential buffer-overflow in find_pattern_in_path()
Problem: potential buffer-overflow in find_pattern_in_path()
Problem: Verify ptr p has enough room before adding ins_compl_len()
fixes: #18195
closes: #18249
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/search.c b/src/search.c
index 677d1735a..bd607fb4b 100644
--- a/src/search.c
+++ b/src/search.c
@@ -3795,7 +3795,7 @@ search_line:
break;
found = TRUE;
aux = p = startp;
- if (compl_status_adding())
+ if (compl_status_adding() && (int)STRLEN(p) >= ins_compl_len())
{
p += ins_compl_len();
if (vim_iswordp(p))
diff --git a/src/version.c b/src/version.c
index c741108d9..c74490c3e 100644
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1751,
/**/
1750,
/**/
Reply all
Reply to author
Forward
0 new messages