author | zeertzjq <zeertzjq@outlook.com> | 2025-02-22 06:49:59 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-02-21 22:49:59 +0000 |
commit | f3f94d2c373e2560f84082c11ced2c3f5c7736bb (patch) | |
tree | 476ab8be8f4ae572fb1b80ad901035afb3926701 | |
parent | cdedfc3743dfc2bb53e0255f10aefd831275b714 (diff) | |
vim-patch:partial:9.1.1131: potential out-of-memory issue in search.c (#32565)
Problem: potential out-of-memory issue in search.c
Solution: improve situation and refactor search.c slightly
(John Marriott)
- In function update_search_stat():
add a check for a theoretical null pointer reference, set and remember
the length of lastpat, remove the three calls to STRLEN() and use the
various string's associated lengths instead, add a check for an
out-of-memory condition.
- In function search_for_fuzz_match():
remove a call to strnsave() and thus avoid having to add a check for
an out-of-memory condition, also replace the call to STRLEN() by
ml_get_buf_len().
closes: vim/vim#16689
https://github.com/vim/vim/commit/b79fa3d9c8a08f15267797511d779e33bd33e68e
Co-authored-by: John Marriott <basilisk@internode.on.net>
-rw-r--r-- | src/nvim/search.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/nvim/search.c b/src/nvim/search.c
index 9f8ceae2a0..04f33b9445 100644
--- a/src/nvim/search.c
+++ b/src/nvim/search.c
@@ -2704,6 +2704,7 @@ static void update_search_stat(int dirc, pos_T *pos, pos_T *cursor_pos, searchst
 static int last_maxcount = SEARCH_STAT_DEF_MAX_COUNT;
 static int chgtick = 0;
 static char *lastpat = NULL;
+ static size_t lastpatlen = 0;
 static buf_T *lbuf = NULL;
 CLEAR_POINTER(stat);
@@ -2725,9 +2726,9 @@ static void update_search_stat(int dirc, pos_T *pos, pos_T *cursor_pos, searchst
 // Unfortunately, there is no STRNICMP function.
 // XXX: above comment should be "no MB_STRCMP function" ?
 if (!(chgtick == buf_get_changedtick(curbuf)
- && lastpat != NULL // suppress clang/NULL passed as nonnull parameter
- && STRNICMP(lastpat, spats[last_idx].pat, strlen(lastpat)) == 0
- && strlen(lastpat) == strlen(spats[last_idx].pat)
+ && (lastpat != NULL // suppress clang/NULL passed as nonnull parameter
+ && mb_strnicmp(lastpat, spats[last_idx].pat, lastpatlen) == 0
+ && lastpatlen == spats[last_idx].patlen)
 && equalpos(lastpos, *cursor_pos)
 && lbuf == curbuf)
 || wraparound || cur < 0 || (maxcount > 0 && cur > maxcount)
@@ -2780,7 +2781,8 @@ static void update_search_stat(int dirc, pos_T *pos, pos_T *cursor_pos, searchst
 }
 if (done_search) {
 xfree(lastpat);
- lastpat = xstrdup(spats[last_idx].pat);
+ lastpat = xstrnsave(spats[last_idx].pat, spats[last_idx].patlen);
+ lastpatlen = spats[last_idx].patlen;
 chgtick = (int)buf_get_changedtick(curbuf);
 lbuf = curbuf;
 lastpos = p; |
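Review bot: The new `static size_t lastpatlen` in the first hunk has no comment tying it to `lastpat`, although the comparison in the second hunk is only correct while the two are updated together. A one-line comment on the declaration would record that, for example `// Byte length of lastpat, excluding the NUL; update whenever lastpat is reassigned.` The declaration sits inside update_search_stat, whose body starts and ends outside the hunk.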
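Review bot: In the second hunk the cheap equality `lastpatlen == spats[last_idx].patlen` is evaluated after `mb_strnicmp(...)`, so the byte compare runs even when the cached lengths already differ. Testing the length first short-circuits the common mismatch and means the compare is only reached when both lengths agree: `&& (lastpat != NULL && lastpatlen == spats[last_idx].patlen && mb_strnicmp(lastpat, spats[last_idx].pat, lastpatlen) == 0)`. The two context comments above the `if` still say there is no STRNICMP function, which no longer matches a call to `mb_strnicmp` and should be updated or dropped. The compare stays case-insensitive, so patterns differing only in case count as the same cached pattern; whether that is intended cannot be told from the hunk.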
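Review bot: In the third hunk both the copy bound and `lastpatlen` are taken from `spats[last_idx].patlen` with no check that it matches the NUL-terminated length of `spats[last_idx].pat`. If any writer of `pat` leaves `patlen` stale, the cache would hold a truncated pattern or an overstated length, and the comparison in the second hunk would silently misjudge whether the cached statistics are still valid. If the file already uses assertions, a debug check before the copy would pin the invariant: `assert(spats[last_idx].patlen == strlen(spats[last_idx].pat));`. Whether every assignment to `spats[].pat` maintains `patlen` is not visible in this diff, which the title marks as a partial port; the enclosing function also continues outside the hunk.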