From 0019886a84c7dfdaf452c8a715f26eb87c697b1b Mon Sep 17 00:00:00 2001 From: zeertzjq Date: Wed, 11 May 2022 19:07:31 +0800 Subject: vim-patch:8.2.4901: NULL pointer access when using invalid pattern Problem: NULL pointer access when using invalid pattern. Solution: Check for failed regexp program. https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f --- src/nvim/buffer.c | 2 +- src/nvim/testdir/test_buffer.vim | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/nvim/buffer.c b/src/nvim/buffer.c index ab804cc42f..f9ad16e357 100644 --- a/src/nvim/buffer.c +++ b/src/nvim/buffer.c @@ -2387,7 +2387,7 @@ static char_u *fname_match(regmatch_T *rmp, char_u *name, bool ignore_case) rmp->rm_ic = p_fic || ignore_case; if (vim_regexec(rmp, name, (colnr_T)0)) { match = name; - } else { + } else if (rmp->regprog != NULL) { // Replace $(HOME) with '~' and try matching again. p = home_replace_save(NULL, name); if (vim_regexec(rmp, p, (colnr_T)0)) { diff --git a/src/nvim/testdir/test_buffer.vim b/src/nvim/testdir/test_buffer.vim index a31cdbb49a..7734094584 100644 --- a/src/nvim/testdir/test_buffer.vim +++ b/src/nvim/testdir/test_buffer.vim @@ -61,4 +61,11 @@ func Test_buffer_scheme() set shellslash& endfunc +" this was using a NULL pointer after failing to use the pattern +func Test_buf_pattern_invalid() + vsplit 0000000 + silent! buf [0--]\&\zs*\zs*e + bwipe! +endfunc + " vim: shiftwidth=2 sts=2 expandtab -- cgit From 6f52bc5dee23e85d07eb7a32d4cbea633f9939ef Mon Sep 17 00:00:00 2001 From: zeertzjq Date: Wed, 11 May 2022 19:10:18 +0800 Subject: vim-patch:8.2.4938: crash when matching buffer with invalid pattern Problem: Crash when matching buffer with invalid pattern. Solution: Check for NULL regprog. https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 --- src/nvim/buffer.c | 2 +- src/nvim/testdir/test_buffer.vim | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/nvim/buffer.c b/src/nvim/buffer.c index f9ad16e357..2c9f997ac1 100644 --- a/src/nvim/buffer.c +++ b/src/nvim/buffer.c @@ -2366,7 +2366,7 @@ static char_u *buflist_match(regmatch_T *rmp, buf_T *buf, bool ignore_case) { // First try the short file name, then the long file name. char_u *match = fname_match(rmp, buf->b_sfname, ignore_case); - if (match == NULL) { + if (match == NULL && rmp->regprog != NULL) { match = fname_match(rmp, buf->b_ffname, ignore_case); } return match; diff --git a/src/nvim/testdir/test_buffer.vim b/src/nvim/testdir/test_buffer.vim index 7734094584..9eb768f124 100644 --- a/src/nvim/testdir/test_buffer.vim +++ b/src/nvim/testdir/test_buffer.vim @@ -66,6 +66,10 @@ func Test_buf_pattern_invalid() vsplit 0000000 silent! buf [0--]\&\zs*\zs*e bwipe! + + vsplit 00000000000000000000000000 + silent! buf [0--]\&\zs*\zs*e + bwipe! endfunc " vim: shiftwidth=2 sts=2 expandtab -- cgit