# HG changeset patch
# User Bram Moolenaar <Bram@vim.org>
# Date 1657220403 -7200
# Node ID c12fb2c5b1b33500a2bc8fa61d3f9d1232e3d5f5
# Parent  a46aa8d84416c494446d147ffba499fa8c897a79
patch 9.0.0046: reading past end of completion with duplicate match

Commit: https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92
Author: Bram Moolenaar <Bram@vim.org>
Date:   Thu Jul 7 19:59:49 2022 +0100

    patch 9.0.0046: reading past end of completion with duplicate match

    Problem:    Reading past end of completion with duplicate match.
    Solution:   Check string length

diff --git a/src/insexpand.c b/src/insexpand.c
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -786,7 +786,8 @@ ins_compl_add(
 	{
 	    if (!match_at_original_text(match)
 		    && STRNCMP(match->cp_str, str, len) == 0
-		    && match->cp_str[len] == NUL)
+		    && ((int)STRLEN(match->cp_str) <= len
+						 || match->cp_str[len] == NUL))
 		return NOTDONE;
 	    match = match->cp_next;
 	} while (match != NULL && !is_first_match(match));
diff --git a/src/testdir/test_ins_complete.vim b/src/testdir/test_ins_complete.vim
--- a/src/testdir/test_ins_complete.vim
+++ b/src/testdir/test_ins_complete.vim
@@ -2112,5 +2112,15 @@ func Test_infercase_very_long_line()
   set noic noinfercase
 endfunc
 
+func Test_ins_complete_add()
+  " this was reading past the end of allocated memory
+  new
+  norm o
+  norm 7o€€
+  sil! norm o
+
+  bwipe!
+endfunc
+
 
 " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -736,6 +736,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    46,
+/**/
     45,
 /**/
     44,