aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-11-16 23:24:03 -05:00
Code Activity

patch 9.1.0254: [security]: Heap buffer overflow when calling complete_add() in 'cfu'

Browse Source 
Problem:  [security]: Heap buffer overflow when calling complete_add()
          in the first call of 'completefunc'
Solution: Call check_cursor() after calling 'completefunc' (zeertzjq)

closes: #14391

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
zeertzjq
2024-04-02 19:01:14 +02:00
committed by Christian Brabandt
parent 6c9f4f98f1
commit 0a419e07a7
3 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/insexpand.c
View File

@@ -2741,6 +2741,7 @@ expand_by_function(int type, char_u *base)
--textlock;
curwin->w_cursor = pos; // restore the cursor position
check_cursor(); // make sure cursor position is valid, just in case
validate_cursor();
if (!EQUAL_POS(curwin->w_cursor, pos))
{
@@ -4606,6 +4607,7 @@ get_userdefined_compl_info(colnr_T curs_col UNUSED)
State = save_State;
curwin->w_cursor = pos; // restore the cursor position
check_cursor(); // make sure cursor position is valid, just in case
validate_cursor();
if (!EQUAL_POS(curwin->w_cursor, pos))
{