vim-patch:partial:9.1.1131: potential out-of-memory issue in search.c (#32565)

Problem:  potential out-of-memory issue in search.c
Solution: improve situation and refactor search.c slightly
          (John Marriott)

- In function update_search_stat():
  add a check for a theoretical null pointer reference, set and remember
  the length of lastpat, remove the three calls to STRLEN() and use the
  various string's associated lengths instead, add a check for an
  out-of-memory condition.

- In function search_for_fuzz_match():
  remove a call to strnsave() and thus avoid having to add a check for
  an out-of-memory condition, also replace the call to STRLEN() by
  ml_get_buf_len().

closes: vim/vim#16689

b79fa3d9c8

Co-authored-by: John Marriott <basilisk@internode.on.net>
zeertzjq
2025-02-22 06:49:59 +08:00
committed by GitHub
parent cdedfc3743
commit f3f94d2c37


@@ -2704,6 +2704,7 @@ static void update_search_stat(int dirc, pos_T *pos, pos_T *cursor_pos, searchst
static int last_maxcount = SEARCH_STAT_DEF_MAX_COUNT;
static int chgtick = 0;
static char *lastpat = NULL;
static size_t lastpatlen = 0;
static buf_T *lbuf = NULL;
CLEAR_POINTER(stat);
@@ -2725,9 +2726,9 @@ static void update_search_stat(int dirc, pos_T *pos, pos_T *cursor_pos, searchst
// Unfortunately, there is no STRNICMP function.
// XXX: above comment should be "no MB_STRCMP function" ?
if (!(chgtick == buf_get_changedtick(curbuf)
&& lastpat != NULL // suppress clang/NULL passed as nonnull parameter
&& STRNICMP(lastpat, spats[last_idx].pat, strlen(lastpat)) == 0
&& strlen(lastpat) == strlen(spats[last_idx].pat)
&& (lastpat != NULL // suppress clang/NULL passed as nonnull parameter
&& mb_strnicmp(lastpat, spats[last_idx].pat, lastpatlen) == 0
&& lastpatlen == spats[last_idx].patlen)
&& equalpos(lastpos, *cursor_pos)
&& lbuf == curbuf)
|| wraparound || cur < 0 || (maxcount > 0 && cur > maxcount)
@@ -2780,7 +2781,8 @@ static void update_search_stat(int dirc, pos_T *pos, pos_T *cursor_pos, searchst
}
if (done_search) {
xfree(lastpat);
lastpat = xstrdup(spats[last_idx].pat);
lastpat = xstrnsave(spats[last_idx].pat, spats[last_idx].patlen);
lastpatlen = spats[last_idx].patlen;
chgtick = (int)buf_get_changedtick(curbuf);
lbuf = curbuf;
lastpos = p;
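Review bot: In the cache-validity condition of update_search_stat() (second hunk), the new `mb_strnicmp(lastpat, spats[last_idx].pat, lastpatlen)` runs before the length equality test, so the bounded compare is given a length not yet shown to fit the current pattern. Assuming mb_strnicmp stops at a NUL this is not an over-read, but putting the cheap test first makes the bound evidently valid for both strings and skips the case-folding compare when the lengths differ: `&& lastpatlen == spats[last_idx].patlen` followed by `&& mb_strnicmp(lastpat, spats[last_idx].pat, lastpatlen) == 0`. Both this check and the `xstrnsave(spats[last_idx].pat, spats[last_idx].patlen)` in the last hunk now trust `patlen` to equal the byte length of `pat`, an invariant maintained outside these hunks. A comment on the new static, such as `// byte length of lastpat, copied from spats[].patlen when lastpat is saved`, would record that dependency. The function body starts and ends outside the hunks shown.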