diff options
| author | zeertzjq <zeertzjq@outlook.com> | 2024-04-03 05:53:08 +0800 |
|---|---|---|
| committer | zeertzjq <zeertzjq@outlook.com> | 2024-04-03 05:55:50 +0800 |
| commit | aeabd8e2455b979c70277ea83eb9f3375a37bc6f (patch) | |
| tree | 30681ab75de2001f04f20531b0160f41de5c61ff /src | |
| parent | a94120752344f04c3f6d7e088026e9a58f46fe64 (diff) | |
| download | rneovim-aeabd8e2455b979c70277ea83eb9f3375a37bc6f.tar.gz rneovim-aeabd8e2455b979c70277ea83eb9f3375a37bc6f.tar.bz2 rneovim-aeabd8e2455b979c70277ea83eb9f3375a37bc6f.zip | |
vim-patch:9.1.0254: [security]: Heap buffer overflow when calling complete_add() in 'cfu'
Problem: [security]: Heap buffer overflow when calling complete_add()
in the first call of 'completefunc'
Solution: Call check_cursor() after calling 'completefunc' (zeertzjq)
closes: vim/vim#14391
https://github.com/vim/vim/commit/0a419e07a705675ac159218f42c1daa151d2ceea
Diffstat (limited to 'src')
| -rw-r--r-- | src/nvim/insexpand.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/nvim/insexpand.c b/src/nvim/insexpand.c index fe5faf8c10..7feb4f6661 100644 --- a/src/nvim/insexpand.c +++ b/src/nvim/insexpand.c @@ -2435,7 +2435,8 @@ static void expand_by_function(int type, char *base) } textlock--; - curwin->w_cursor = pos; // restore the cursor position + curwin->w_cursor = pos; // restore the cursor position + check_cursor(curwin); // make sure cursor position is valid, just in case validate_cursor(curwin); if (!equalpos(curwin->w_cursor, pos)) { emsg(_(e_compldel)); @@ -4059,6 +4060,7 @@ static int get_userdefined_compl_info(colnr_T curs_col) State = save_State; curwin->w_cursor = pos; // restore the cursor position + check_cursor(curwin); // make sure cursor position is valid, just in case validate_cursor(curwin); if (!equalpos(curwin->w_cursor, pos)) { emsg(_(e_compldel)); |