From 11b369925287a7706e8d6cab759263ef9192c5f3 Mon Sep 17 00:00:00 2001
From: zeertzjq
Date: Thu, 15 Jan 2026 13:53:39 +0800
Subject: [PATCH] vim-patch:9.1.0700: crash with 2byte encoding and glob2regpat()
Problem: possible crash with 2byte encoding and glob2regpat()
Solution: Skip over character, if it is multi-byte character
https://github.com/vim/vim/commit/1c815b54bbaf872c271d58043e51e56b908c1a20
Co-authored-by: Christian Brabandt
---
 src/nvim/fileio.c | 1 -
 test/old/testdir/crash/heap_overflow_glob2regpat | Bin 0 -> 200 bytes
 test/old/testdir/test_crash.vim | 6 ++++++
 3 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 test/old/testdir/crash/heap_overflow_glob2regpat
diff --git a/src/nvim/fileio.c b/src/nvim/fileio.c
index 403f455b89..afd1d6d1a4 100644
--- a/src/nvim/fileio.c
+++ b/src/nvim/fileio.c
@@ -3754,7 +3754,6 @@ char *file_pat_to_reg_pat(const char *pat, const char *pat_end, char *allow_dirs
 *allow_dirs = true;
 }
 reg_pat[i++] = '\\';
- reg_pat[i++] = *p;
 }
 break;
 #ifdef BACKSLASH_IN_FILENAME
diff --git a/test/old/testdir/crash/heap_overflow_glob2regpat b/test/old/testdir/crash/heap_overflow_glob2regpat
new file mode 100644
index 0000000000000000000000000000000000000000..8baf6f32533cc548c58dcc6152292e7f23b59345
GIT binary patch literal 200 zcmcC2PE|xpGxfnKO%iGyGTK%1L5mU|=Zb%56<$a{B+DD@n1gx;iH*zoaNL uJ)=amI*9p2O3Z&9t^Yp3K0O77i46=444Ju!ISk!lsimc*!KI}IG28&Su0MPL literal 0 HcmV?d00001
diff --git a/test/old/testdir/test_crash.vim b/test/old/testdir/test_crash.vim
index 80b0d3f722..4f13949fc6 100644
--- a/test/old/testdir/test_crash.vim
+++ b/test/old/testdir/test_crash.vim
@@ -226,6 +226,12 @@ func Test_crash1_3()
 call term_sendkeys(buf, args)
 call TermWait(buf, 150)
+ let file = 'crash/heap_overflow_glob2regpat'
+ let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+ let args = printf(cmn_args, vim, file)
+ call term_sendkeys(buf, args)
+ call TermWait(buf, 50)
+
 " clean up
 exe buf .. "bw!"
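Review bot: In the `src/nvim/fileio.c` hunk, removing `reg_pat[i++] = *p;` means the character after the backslash is no longer copied into `reg_pat` following `reg_pat[i++] = '\\';`, and this applies to every character in this branch, not only multi-byte ones as the commit message's "Skip over character, if it is multi-byte character" suggests. Unless that byte is written by code outside the hunk, the branch now leaves a bare `\\` in the output that escapes whatever the next iteration emits, which changes the resulting pattern. If the aim is to avoid touching memory past the end of the input, keeping the copy behind a bounds check against the `pat_end` parameter, for example `if (p < pat_end) { reg_pat[i++] = *p; }`, would preserve the escaped character. The function body starts and ends outside the hunk, so how `reg_pat` is sized cannot be confirmed from here.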
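Review bot: The block added to `Test_crash1_3()` in `test/old/testdir/test_crash.vim` runs the binary fixture `crash/heap_overflow_glob2regpat` without saying what it exercises, and the fixture itself is not readable in review. A comment above `let file`, such as `" heap overflow in glob2regpat() with a 2-byte encoding (vim-patch:9.1.0700)`, would tie it to the fix. The visible lines only send the command and wait 50 ms, so whether a crash in the child process becomes a test failure depends on code outside the hunk and is worth confirming. `cmn_args` also passes `-n` twice.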