From 39ef2195357996ce0d2b2d2d41275a572f2891b3 Mon Sep 17 00:00:00 2001 From: Michael Ennen Date: Wed, 13 Jan 2016 16:01:23 -0700 Subject: vim-patch:7.4.714 Problem: Illegal memory access when there are illegal bytes. Solution: Check the byte length of the character. (Dominique Pelle) https://github.com/vim/vim/commit/069dd08d8dbbbadc4e6780d5c881a24bce79a4f7 --- src/nvim/regexp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/nvim/regexp.c') diff --git a/src/nvim/regexp.c b/src/nvim/regexp.c index e2c4b590d0..39001939d8 100644 --- a/src/nvim/regexp.c +++ b/src/nvim/regexp.c @@ -5333,10 +5333,12 @@ do_class: if ((len = (*mb_ptr2len)(opnd)) > 1) { if (ireg_ic && enc_utf8) cf = utf_fold(utf_ptr2char(opnd)); - while (count < maxcount) { - for (i = 0; i < len; ++i) - if (opnd[i] != scan[i]) + while (count < maxcount && (*mb_ptr2len)(scan) >= len) { + for (i = 0; i < len; ++i) { + if (opnd[i] != scan[i]) { break; + } + } if (i < len && (!ireg_ic || !enc_utf8 || utf_fold(utf_ptr2char(scan)) != cf)) break; -- cgit