From: Christian Brabandt <cb@256bit.org>
Date: Wed, 10 Sep 2025 08:09:23 +0000 (-0400)
Subject: patch 9.1.1751: potential buffer-overflow in find_pattern_in_path()
X-Git-Tag: v9.1.1751^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=21ecb0d2e2888ded9da04c4f47758cec99063822;p=thirdparty%2Fvim.git

patch 9.1.1751: potential buffer-overflow in find_pattern_in_path()

Problem:  potential buffer-overflow in find_pattern_in_path()
Problem:  Verify ptr p has enough room before adding ins_compl_len()

fixes: #18195
closes: #18249

Signed-off-by: Christian Brabandt <cb@256bit.org>
---

diff --git a/src/search.c b/src/search.c
index 677d1735ab..bd607fb4b8 100644
--- a/src/search.c
+++ b/src/search.c
@@ -3795,7 +3795,7 @@ search_line:
 		    break;
 		found = TRUE;
 		aux = p = startp;
-		if (compl_status_adding())
+		if (compl_status_adding() && (int)STRLEN(p) >= ins_compl_len())
 		{
 		    p += ins_compl_len();
 		    if (vim_iswordp(p))
diff --git a/src/version.c b/src/version.c
index c741108d90..c74490c3ea 100644
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1751,
 /**/
     1750,
 /**/