From 1c815b54bbaf872c271d58043e51e56b908c1a20 Mon Sep 17 00:00:00 2001 From: Christian Brabandt Date: Wed, 28 Aug 2024 22:08:35 +0200 Subject: [PATCH] patch 9.1.0700: crash with 2byte encoding and glob2regpat() Problem: possible crash with 2byte encoding and glob2regpat() Solution: Skip over character, if it is multi-byte character Signed-off-by: Christian Brabandt --- src/fileio.c | 3 ++- src/testdir/crash/heap_overflow_glob2regpat | Bin 0 -> 200 bytes src/testdir/test_crash.vim | 6 ++++++ src/version.c | 2 ++ 4 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 src/testdir/crash/heap_overflow_glob2regpat diff --git a/src/fileio.c b/src/fileio.c index d27a1727ed..890eac7858 100644 --- a/src/fileio.c +++ b/src/fileio.c @@ -5714,7 +5714,8 @@ file_pat_to_reg_pat( ) *allow_dirs = TRUE; reg_pat[i++] = '\\'; - reg_pat[i++] = *p; + if (enc_dbcs != 0 && (*mb_ptr2len)(p) > 1) + reg_pat[i++] = *p++; } break; #ifdef BACKSLASH_IN_FILENAME diff --git a/src/testdir/crash/heap_overflow_glob2regpat b/src/testdir/crash/heap_overflow_glob2regpat new file mode 100644 index 0000000000000000000000000000000000000000..8baf6f32533cc548c58dcc6152292e7f23b59345 GIT binary patch literal 200 zcmcC2PE|#D1BlJZN6GSf3k rRI7uSU!=tR*U|d#6YSGdV3^ndRGpcdn8VN=mRed`8eCdh5W@`sxUN5Z literal 0 HcmV?d00001 diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim index b3348761cf..e741a18b4d 100644 --- a/src/testdir/test_crash.vim +++ b/src/testdir/test_crash.vim @@ -222,6 +222,12 @@ func Test_crash1_3() call term_sendkeys(buf, args) call TermWait(buf, 150) + let file = 'crash/heap_overflow_glob2regpat' + let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'" + let args = printf(cmn_args, vim, file) + call term_sendkeys(buf, args) + call TermWait(buf, 50) + " clean up exe buf .. "bw!" diff --git a/src/version.c b/src/version.c index 100a1ae700..59bd3fcdcc 100644 --- a/src/version.c +++ b/src/version.c 
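Review bot: The unconditional `reg_pat[i++] = *p;` is removed in the file_pat_to_reg_pat() hunk, so as shown nothing is written after the `'\\'` when `enc_dbcs` is 0 or the character is single-byte, and in the double-byte case only the lead byte is copied before `p` is advanced. Keeping the original copy after the new guard, i.e. `if (enc_dbcs != 0 && (*mb_ptr2len)(p) > 1)` then `reg_pat[i++] = *p++;` followed by `reg_pat[i++] = *p;`, would emit both bytes of a double-byte character and leave every other input unchanged. The code that sizes `reg_pat` is outside the hunk; because this path can then write one extra byte per escaped double-byte character, that sizing presumably needs the same multi-byte handling, otherwise the heap overflow the test file is named after may only move. The function begins and ends outside the hunk, so how the enclosing loop advances `p` should be checked against the added `p++`.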
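Review bot: The added `cmn_args` string in Test_crash1_3() ends at `':qa!'` with no trailing `\<cr>` as shown here. If that is what was committed, `term_sendkeys()` types the command into the shell but never submits it, so the reproducer does not actually run. The new block also has no visible pass/fail signal: a crash inside the terminal buffer would not fail the test unless the function checks the outcome elsewhere, and its body continues outside the hunk. Ending the string with `\<cr>` and having the shell line record success somewhere the test asserts on would make this a real regression test for the overflow.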
@@ -704,6 +704,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 700, /**/ 699, /**/