patch 9.1.0700: crash with 2byte encoding and glob2regpat()

Problem:  possible crash with 2byte encoding and glob2regpat()
Solution: Skip over character, if it is multi-byte character

Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/fileio.c b/src/fileio.c
index d27a1727ed1718a573316629ef484787f048632b..890eac7858c3114a2079b5d21980aa7596be83a3 100644 (file)
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -5714,7 +5714,8 @@ file_pat_to_reg_pat(
                                )
                            *allow_dirs = TRUE;
                        reg_pat[i++] = '\\';
-                       reg_pat[i++] = *p;
+                       if (enc_dbcs != 0 && (*mb_ptr2len)(p) > 1)
+                           reg_pat[i++] = *p++;
                    }
                break;
 #ifdef BACKSLASH_IN_FILENAME

diff --git a/src/testdir/crash/heap_overflow_glob2regpat b/src/testdir/crash/heap_overflow_glob2regpat
new file mode 100644 (file)
index 0000000..8baf6f3
Binary files /dev/null and b/src/testdir/crash/heap_overflow_glob2regpat differ

diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim
index b3348761cf43d61fca317fcc16c49008d6d2874d..e741a18b4d354b4b0853ce683b873b97b5d3377a 100644 (file)
--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim
@@ -222,6 +222,12 @@ func Test_crash1_3()
   call term_sendkeys(buf, args)
   call TermWait(buf, 150)
 
+  let file = 'crash/heap_overflow_glob2regpat'
+  let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+  let args = printf(cmn_args, vim, file)
+  call term_sendkeys(buf, args)
+  call TermWait(buf, 50)
+
 
   " clean up
   exe buf .. "bw!"

diff --git a/src/version.c b/src/version.c
index 100a1ae7007d1969f8c0b57613c37a961bc1f905..59bd3fcdcce146ef405a4a53e2d11d1ed25801c3 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    700,
 /**/
     699,
 /**/