vim-patch:9.1.0254: [security]: Heap buffer overflow when calling complete_add() in 'cfu'

Problem: [security]: Heap buffer overflow when calling complete_add() in the first call of 'completefunc' Solution: Call check_cursor() after calling 'completefunc' (zeertzjq) closes: vim/vim#14391 0a419e07a7
2025-10-10 03:46:31 +00:00 · 2024-04-03 05:53:08 +08:00
parent a941207523
commit aeabd8e245
2 changed files with 25 additions and 1 deletions
--- a/test/old/testdir/test_ins_complete.vim
+++ b/test/old/testdir/test_ins_complete.vim
@@ -2490,4 +2490,26 @@ func Test_complete_changed_complete_info()
  call StopVimInTerminal(buf)
 endfunc

+func Test_completefunc_first_call_complete_add()
+  new
+
+  func Complete(findstart, base) abort
+    if a:findstart
+      let col = col('.')
+      call complete_add('#')
+      return col - 1
+    else
+      return []
+    endif
+  endfunc
+
+  set completeopt=longest completefunc=Complete
+  " This used to cause heap-buffer-overflow
+  call assert_fails('call feedkeys("ifoo#\<C-X>\<C-U>", "xt")', 'E840:')
+
+  delfunc Complete
+  set completeopt& completefunc&
+  bwipe!
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab nofoldenable