patch 9.1.1751: potential buffer-overflow in find_pattern_in_path()

Problem:  potential buffer-overflow in find_pattern_in_path()
Problem:  Verify ptr p has enough room before adding ins_compl_len()

fixes: #18195
closes: #18249

Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/search.c b/src/search.c
index 677d1735ab51064b26d788824bb80cedfc350c13..bd607fb4b856fe116eb674d56891b7acfab8ea2d 100644 (file)
--- a/src/search.c
+++ b/src/search.c
@@ -3795,7 +3795,7 @@ search_line:
                    break;
                found = TRUE;
                aux = p = startp;
-               if (compl_status_adding())
+               if (compl_status_adding() && (int)STRLEN(p) >= ins_compl_len())
                {
                    p += ins_compl_len();
                    if (vim_iswordp(p))

diff --git a/src/version.c b/src/version.c
index c741108d9084a8cf6cf0b9279665345f569c6297..c74490c3eaccafd6fa0cb3fd335bedfe25d0fe16 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1751,
 /**/
     1750,
 /**/