Mercurial > vim

diff src/insexpand.c @ 33152:8c9c79b00316 v9.0.1858

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.1858: [security] heap use after free in ins_compl_get_exp() Commit: https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139 Author: Christian Brabandt <cb@256bit.org> Date: Sun Sep 3 21:24:33 2023 +0200 patch 9.0.1858: [security] heap use after free in ins_compl_get_exp() Problem: heap use after free in ins_compl_get_exp() Solution: validate buffer before accessing it Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Sun, 03 Sep 2023 21:30:02 +0200
parents 695b50472e85
children def9fc5c92d1
line wrap: on
line diff
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -3850,7 +3850,7 @@ ins_compl_get_exp(pos_T *ini)
 	else
 	{
 	    // Mark a buffer scanned when it has been scanned completely
-	    if (type == 0 || type == CTRL_X_PATH_PATTERNS)
+	    if (buf_valid(st.ins_buf) && (type == 0 || type == CTRL_X_PATH_PATTERNS))
 		st.ins_buf->b_scanned = TRUE;
 
 	    compl_started = FALSE;