vim-patch:8.2.3915: illegal memory access when completing with invalid bytes (#27491)

Problem: illegal memory access when completing with invalid bytes. Solution: Avoid going over the end of the completion text. vim/vim@4b28ba3 Co-authored-by: Bram Moolenaar <Bram@vim.org>
author: Raphael <glephunter@gmail.com> 2024-03-09 19:21:31 +0800
committer: GitHub <noreply@github.com> 2024-03-09 19:21:31 +0800
commit: 0e284939143ae5bd55f78ece388346811af842ea (patch)
tree: 80eb7a9818147bd1de1a0638e0df58cd351f888d /src
parent: 9eda2f249574ccbe844a718b7e09fb08854a5481 (diff)
download: rneovim-0e284939143ae5bd55f78ece388346811af842ea.tar.gz
rneovim-0e284939143ae5bd55f78ece388346811af842ea.tar.bz2
rneovim-0e284939143ae5bd55f78ece388346811af842ea.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/nvim/insexpand.c b/src/nvim/insexpand.c
index 9d3b400496..41b964323e 100644
--- a/src/nvim/insexpand.c
+++ b/src/nvim/insexpand.c
@@ -3557,7 +3557,12 @@ void ins_compl_delete(void)
 /// "in_compl_func" is true when called from complete_check().
 void ins_compl_insert(bool in_compl_func)
 {
-  ins_bytes(compl_shown_match->cp_str + get_compl_len());
+  int compl_len = get_compl_len();
+  // Make sure we don't go over the end of the string, this can happen with
+  // illegal bytes.
+  if (compl_len < (int)strlen(compl_shown_match->cp_str)) {
+    ins_bytes(compl_shown_match->cp_str + compl_len);
+  }
   compl_used_match = !match_at_original_text(compl_shown_match);
 
   dict_T *dict = ins_compl_dict_alloc(compl_shown_match);
author	Raphael <glephunter@gmail.com>	2024-03-09 19:21:31 +0800
committer	GitHub <noreply@github.com>	2024-03-09 19:21:31 +0800
commit	0e284939143ae5bd55f78ece388346811af842ea (patch)
tree	80eb7a9818147bd1de1a0638e0df58cd351f888d /src
parent	9eda2f249574ccbe844a718b7e09fb08854a5481 (diff)
download	rneovim-0e284939143ae5bd55f78ece388346811af842ea.tar.gz rneovim-0e284939143ae5bd55f78ece388346811af842ea.tar.bz2 rneovim-0e284939143ae5bd55f78ece388346811af842ea.zip