mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-10-02 07:58:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.1.1443: potential buffer underflow in insertchar() (#34408)

Browse Source 
Problem:  potential buffer underflow in insertchar()
Solution: verify that end_len is larger than zero
          (jinyaoguo)

When parsing the end-comment leader, end_len can be zero if
copy_option_part() writes no characters. The existing check
unconditionally accessed lead_end[end_len-1], causing potential
underflow when end_len == 0.

This change adds an end_len > 0 guard to ensure we only index lead_end
if there is at least one character.

closes: vim/vim#17476

82a96e3dc0

Co-authored-by: jinyaoguo <guo846@purdue.edu>
This commit is contained in:
zeertzjq
2025-06-10 08:20:55 +08:00
committed by GitHub
parent 78e2f62516
commit 7a58cf4b96
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/nvim/edit.c
View File

@@ -2133,7 +2133,8 @@ void insertchar(int c, int flags, int second_indent)
i -= middle_len; i -= middle_len;
// Check some expected things before we go on // Check some expected things before we go on
if (i >= 0 && (uint8_t)lead_end[end_len - 1] == end_comment_pending) { if (i >= 0 && end_len > 0
&& (uint8_t)lead_end[end_len - 1] == end_comment_pending) {
// Backspace over all the stuff we want to replace // Backspace over all the stuff we want to replace
backspace_until_column(i); backspace_until_column(i);