author | zeertzjq <zeertzjq@outlook.com> | 2023-04-30 08:27:38 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-30 08:27:38 +0800 |
commit | ab7dcefbebf5a483845e1fe1c82cb32e1c6418d4 (patch) | |
tree | d96eac819e8d6fb7a90983b62642544e923ca62c /src | |
parent | c194acbfc479d8e5839fa629363f93f6550d035c (diff) | |
vim-patch:9.0.1499: using uninitialized memory with fuzzy matching (#23399)
Problem: Using uninitialized memory with fuzzy matching.
Solution: Initialize the arrays used to store match positions.
https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/nvim/quickfix.c | 6 | ||||
-rw-r--r-- | src/nvim/search.c | 6 |
2 files changed, 9 insertions, 3 deletions
diff --git a/src/nvim/quickfix.c b/src/nvim/quickfix.c
index 48a558197f..d6bbcbc80d 100644
--- a/src/nvim/quickfix.c
+++ b/src/nvim/quickfix.c
@@ -5215,7 +5215,10 @@ static bool vgr_match_buflines(qf_list_T *qfl, char *fname, buf_T *buf, char *sp
 FUNC_ATTR_NONNULL_ARG(1, 3, 4, 5, 6)
 {
 bool found_match = false;
- const size_t pat_len = strlen(spat);
+ size_t pat_len = strlen(spat);
+ if (pat_len > MAX_FUZZY_MATCHES) {
+ pat_len = MAX_FUZZY_MATCHES;
+ }
 for (linenr_T lnum = 1; lnum <= buf->b_ml.ml_line_count && *tomatch > 0; lnum++) {
 colnr_T col = 0;
@@ -5263,6 +5266,7 @@ static bool vgr_match_buflines(qf_list_T *qfl, char *fname, buf_T *buf, char *sp
 const size_t sz = sizeof(matches) / sizeof(matches[0]);
 // Fuzzy string match
+ CLEAR_FIELD(matches);
 while (fuzzy_match(str + col, spat, false, &score, matches, (int)sz) > 0) {
 // Pass the buffer number so that it gets used even for a
 // dummy buffer, unless duplicate_name is set, then the
diff --git a/src/nvim/search.c b/src/nvim/search.c
index 9d1e672128..094476a5ee 100644
--- a/src/nvim/search.c
+++ b/src/nvim/search.c
@@ -3045,6 +3045,10 @@ static int fuzzy_match_recursive(const char *fuzpat, const char *str, uint32_t s
 return 0;
 }
+ int recursiveScore = 0;
+ uint32_t recursiveMatches[MAX_FUZZY_MATCHES];
+ CLEAR_FIELD(recursiveMatches);
+
 // "Copy-on-Write" srcMatches into matches
 if (first_match && srcMatches != NULL) {
 memcpy(matches, srcMatches, (size_t)nextMatch * sizeof(srcMatches[0]));
@@ -3052,8 +3056,6 @@ static int fuzzy_match_recursive(const char *fuzpat, const char *str, uint32_t s
 }
 // Recursive call that "skips" this match
- uint32_t recursiveMatches[MAX_FUZZY_MATCHES];
- int recursiveScore = 0;
 const char *const next_char = str + utfc_ptr2len(str);
 if (fuzzy_match_recursive(fuzpat, next_char, strIdx + 1, &recursiveScore, strBegin, strLen, matches, recursiveMatches, |
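Review bot: In the first quickfix.c hunk the new clamp of `pat_len` to `MAX_FUZZY_MATCHES` carries no comment saying what it bounds, and the place where `pat_len` is consumed lies outside the hunk (vgr_match_buflines continues past it). If it is used as an index into `matches`, whose element count the second hunk derives as `sz`, a comment such as `// matches[] holds MAX_FUZZY_MATCHES positions; keep pat_len a valid index bound` would record the invariant. Also worth confirming at the use site: `strlen(spat)` counts bytes, so if positions are stored per character a multibyte pattern could still select an entry fuzzy_match() never wrote, which after this commit would presumably read as zero rather than garbage.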
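Review bot: In the second quickfix.c hunk `CLEAR_FIELD(matches);` is inserted between the `// Fuzzy string match` comment and the `while` loop that comment describes, and neither it nor `CLEAR_FIELD(recursiveMatches);` in the first search.c hunk says why a buffer handed to the matcher needs zeroing first. Moving the call above the existing comment and adding something like `// Zero the positions so entries the matcher does not fill are defined` in both places would keep the reason for the fix next to the code. In quickfix.c the clear runs once before the loop, so later iterations see the previous iteration's positions rather than zeros; that looks intentional but is worth stating.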