author | zeertzjq <zeertzjq@outlook.com> | 2025-02-22 07:32:40 +0800 |
---|---|---|
committer | zeertzjq <zeertzjq@outlook.com> | 2025-03-27 07:26:42 +0800 |
commit | 30293575204bc6b1cdc8a7e06af2710921d46da2 (patch) | |
tree | ecbb19e2a0613fda10f78363d2a6d95bb2697013 | |
parent | c17caca9b7a5e11c1262a0d8409075d9168980d3 (diff) | |
vim-patch:9.1.1131: potential out-of-memory issue in search.c
Problem: potential out-of-memory issue in search.c
Solution: improve situation and refactor search.c slightly
(John Marriott)
- In function update_search_stat():
add a check for a theoretical null pointer reference, set and remember
the length of lastpat, remove the three calls to STRLEN() and use the
various string's associated lengths instead, add a check for an
out-of-memory condition.
- In function search_for_fuzzy_match():
remove a call to strnsave() and thus avoid having to add a check for
an out-of-memory condition, also replace the call to STRLEN() by
ml_get_buf_len().
closes: vim/vim#16689
https://github.com/vim/vim/commit/b79fa3d9c8a08f15267797511d779e33bd33e68e
Co-authored-by: John Marriott <basilisk@internode.on.net>
-rw-r--r-- | src/nvim/search.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/src/nvim/search.c b/src/nvim/search.c
index 19de55666f..07bc84ba84 100644
--- a/src/nvim/search.c
+++ b/src/nvim/search.c
@@ -3684,8 +3684,6 @@ bool search_for_fuzzy_match(buf_T *buf, pos_T *pos, char *pattern, int dir, pos_
 pos_T circly_end;
 bool found_new_match = false;
 bool looped_around = false;
- char *next_word_end = NULL;
- char *match_word = NULL;
 if (whole_line) {
 current_pos.lnum += dir;
@@ -3718,9 +3716,8 @@ bool search_for_fuzzy_match(buf_T *buf, pos_T *pos, char *pattern, int dir, pos_
 found_new_match = fuzzy_match_str_in_line(ptr, pattern, len, ¤t_pos);
 if (found_new_match) {
 if (ctrl_x_mode_normal()) {
- match_word = xstrnsave(*ptr, (size_t)(*len));
- if (strcmp(match_word, pattern) == 0) {
- next_word_end = find_word_start(*ptr + *len);
+ if (strncmp(*ptr, pattern, (size_t)(*len)) == 0 && pattern[*len] == NUL) {
+ char *next_word_end = find_word_start(*ptr + *len);
 if (*next_word_end != NUL && *next_word_end != NL) {
 // Find end of the word.
 while (*next_word_end != NUL) {
@@ -3736,7 +3733,6 @@ bool search_for_fuzzy_match(buf_T *buf, pos_T *pos, char *pattern, int dir, pos_
 *len = (int)(next_word_end - *ptr);
 current_pos.col = *len;
 }
- xfree(match_word);
 }
 *pos = current_pos;
 break;
@@ -3747,7 +3743,7 @@ bool search_for_fuzzy_match(buf_T *buf, pos_T *pos, char *pattern, int dir, pos_
 if (fuzzy_match_str(*ptr, pattern) > 0) {
 found_new_match = true;
 *pos = current_pos;
- *len = (int)strlen(*ptr);
+ *len = ml_get_buf_len(buf, current_pos.lnum);
 break;
 }
 } |
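Review bot: In the `ctrl_x_mode_normal()` branch, the new test `strncmp(*ptr, pattern, (size_t)(*len)) == 0 && pattern[*len] == NUL` indexes `pattern[*len]` safely only if `*len` is non-negative and the first `*len` bytes of `*ptr` contain no NUL. If both strings ended earlier than `*len`, strncmp() would still return 0 and the index would land past the pattern's terminator, and a negative `*len` would turn into a huge count through the `size_t` cast. That invariant presumably comes from fuzzy_match_str_in_line(), which is outside this hunk, so it is worth pinning next to the comparison with `assert(*len >= 0);` and a comment such as `// *len is the length of the match inside *ptr, so no NUL precedes *ptr + *len`. The enclosing function starts and ends outside the hunk.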
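Review bot: `*len = ml_get_buf_len(buf, current_pos.lnum);` stores the length of the whole buffer line, which equals the removed `strlen(*ptr)` only while `*ptr` points at the start of line `current_pos.lnum` in `buf`. The assignment to `*ptr` lies outside this hunk, so that cannot be confirmed from the visible lines. If a later change made `*ptr` point into the middle of the line, `*len` would describe more bytes than the string holds and callers could read past its end. A one-line comment above the assignment, for example `// *ptr is the start of this line, so the cached line length is its length`, would record the assumption.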