From 5226801be26419f9a8277cbc35592cc2f0004d64 Mon Sep 17 00:00:00 2001 From: Sean Dewar <6256228+seandewar@users.noreply.github.com> Date: Fri, 16 Jan 2026 00:17:59 +0000 Subject: [PATCH] fix(api): parse_expression crash with ident and curly Problem: nvim_parse_expression null pointer dereference when parsing an identifier followed by { with "highlight" parameter set to false. Solution: only set opening_hl_idx if pstate->colors is not NULL. Not added to parser_tests.lua as that uses highlight = true. --- src/nvim/viml/parser/expressions.c | 4 +++- test/functional/api/vim_spec.lua | 6 ++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/nvim/viml/parser/expressions.c b/src/nvim/viml/parser/expressions.c index 32060f4364..1d5852526c 100644 --- a/src/nvim/viml/parser/expressions.c +++ b/src/nvim/viml/parser/expressions.c @@ -2636,7 +2636,9 @@ viml_pexpr_parse_figure_brace_closing_error: ADD_IDENT(do { NEW_NODE_WITH_CUR_POS(cur_node, kExprNodeCurlyBracesIdentifier); - cur_node->data.fig.opening_hl_idx = kv_size(*pstate->colors); + if (pstate->colors) { + cur_node->data.fig.opening_hl_idx = kv_size(*pstate->colors); + } cur_node->data.fig.type_guesses.allow_lambda = false; cur_node->data.fig.type_guesses.allow_dict = false; cur_node->data.fig.type_guesses.allow_ident = true; diff --git a/test/functional/api/vim_spec.lua b/test/functional/api/vim_spec.lua index 7fb5c2d3d5..cc90eec84f 100644 --- a/test/functional/api/vim_spec.lua +++ b/test/functional/api/vim_spec.lua @@ -3238,9 +3238,11 @@ describe('API', function() end end - it('does not crash parsing invalid VimL expression #29648', function() + it('does not crash parsing invalid VimL expression', function() api.nvim_input(':=') - api.nvim_input('1bork/') + api.nvim_input('1bork/') -- #29648 + assert_alive() + api.nvim_parse_expression('a{b}', '', false) assert_alive() end)