author | Michael Ennen <mike.ennen@gmail.com> | 2016-01-13 16:01:23 -0700 |
---|---|---|
committer | Michael Ennen <mike.ennen@gmail.com> | 2016-01-13 16:52:44 -0700 |
commit | 39ef2195357996ce0d2b2d2d41275a572f2891b3 (patch) | |
tree | 24950dfdc4cf6b49051ab4c79471458b6465136b | |
parent | 573d65c738dd2e5f4ee92a7f20946411206021f7 (diff) | |
vim-patch:7.4.714
Problem: Illegal memory access when there are illegal bytes.
Solution: Check the byte length of the character. (Dominique Pelle)
https://github.com/vim/vim/commit/069dd08d8dbbbadc4e6780d5c881a24bce79a4f7
-rw-r--r-- | src/nvim/regexp.c | 8 | ||||
-rw-r--r-- | src/nvim/version.c | 2 |
2 files changed, 6 insertions, 4 deletions
diff --git a/src/nvim/regexp.c b/src/nvim/regexp.c
index e2c4b590d0..39001939d8 100644
--- a/src/nvim/regexp.c
+++ b/src/nvim/regexp.c
@@ -5333,10 +5333,12 @@ do_class:
 if ((len = (*mb_ptr2len)(opnd)) > 1) {
 if (ireg_ic && enc_utf8)
 cf = utf_fold(utf_ptr2char(opnd));
- while (count < maxcount) {
- for (i = 0; i < len; ++i)
- if (opnd[i] != scan[i])
+ while (count < maxcount && (*mb_ptr2len)(scan) >= len) {
+ for (i = 0; i < len; ++i) {
+ if (opnd[i] != scan[i]) {
 break;
+ }
+ }
 if (i < len && (!ireg_ic || !enc_utf8
 || utf_fold(utf_ptr2char(scan)) != cf))
 break;
diff --git a/src/nvim/version.c b/src/nvim/version.c
index 804f750e18..a00b01a5dd 100644
--- a/src/nvim/version.c
+++ b/src/nvim/version.c
@@ -410,7 +410,7 @@ static int included_patches[] = {
 // 717,
 // 716,
 // 715,
- // 714,
+ 714,
 713,
 712,
 711, |
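Review bot: The new loop condition `(*mb_ptr2len)(scan) >= len` in the `while` header of the regexp.c hunk carries the whole memory-safety argument for the byte compare below it, but nothing in the code says so; a comment such as `// Stop if the character at scan is shorter than len bytes: comparing opnd[i] with scan[i] would otherwise read past an illegal or truncated sequence.` would keep a later cleanup from dropping it. The guard is only sound if `mb_ptr2len` never reports more bytes than are actually present before the terminating NUL, which this hunk does not show, so that is worth confirming for every encoding the function pointer can be set to. Because the test is `>=` rather than `==`, a longer character at `scan` that case-folds equal to `cf` still passes, and the advance by `len` presumably happens after the hunk ends; whether that can leave `scan` inside a character deserves a check. The diffstat lists only regexp.c and version.c, so no regression test with an illegal byte sequence comes with the fix. The enclosing function starts and ends outside the hunk.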