From 21ecb0d2e2888ded9da04c4f47758cec99063822 Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Wed, 10 Sep 2025 04:09:23 -0400
Subject: [PATCH] patch 9.1.1751: potential buffer-overflow in
 find_pattern_in_path()

Problem:  potential buffer-overflow in find_pattern_in_path()
Problem:  Verify ptr p has enough room before adding ins_compl_len()

fixes: #18195
closes: #18249

Signed-off-by: Christian Brabandt <cb@256bit.org>
---
 src/search.c  | 2 +-
 src/version.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/search.c b/src/search.c
index 677d1735ab..bd607fb4b8 100644
--- a/src/search.c
+++ b/src/search.c
@@ -3795,7 +3795,7 @@ search_line:
 		    break;
 		found = TRUE;
 		aux = p = startp;
-		if (compl_status_adding())
+		if (compl_status_adding() && (int)STRLEN(p) >= ins_compl_len())
 		{
 		    p += ins_compl_len();
 		    if (vim_iswordp(p))
diff --git a/src/version.c b/src/version.c
index c741108d90..c74490c3ea 100644
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1751,
 /**/
     1750,
 /**/