diff options
| author | zeertzjq <zeertzjq@outlook.com> | 2023-11-17 09:12:01 +0800 |
|---|---|---|
| committer | zeertzjq <zeertzjq@outlook.com> | 2023-11-17 09:54:03 +0800 |
| commit | 8dc72789cfad630c2f2da572916490a32d5155e6 (patch) | |
| tree | 8dc7184ee0f1a2394861b144051f573fc83b0441 /src | |
| parent | a589156b4d3ea2dc72908b8773c42ad012929c64 (diff) | |
| download | rneovim-8dc72789cfad630c2f2da572916490a32d5155e6.tar.gz rneovim-8dc72789cfad630c2f2da572916490a32d5155e6.tar.bz2 rneovim-8dc72789cfad630c2f2da572916490a32d5155e6.zip | |
vim-patch:9.0.1858: [security] heap use after free in ins_compl_get_exp()
Problem: heap use after free in ins_compl_get_exp()
Solution: validate buffer before accessing it
https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139
Co-authored-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/nvim/insexpand.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nvim/insexpand.c b/src/nvim/insexpand.c index 28d1c8216e..f565d5b9e8 100644 --- a/src/nvim/insexpand.c +++ b/src/nvim/insexpand.c @@ -3435,7 +3435,7 @@ static int ins_compl_get_exp(pos_T *ini) compl_started = true; } else { // Mark a buffer scanned when it has been scanned completely - if (type == 0 || type == CTRL_X_PATH_PATTERNS) { + if (buf_valid(st.ins_buf) && (type == 0 || type == CTRL_X_PATH_PATTERNS)) { assert(st.ins_buf); st.ins_buf->b_scanned = true; } |