From dd26bc94662c43687be49779e429d8953d9f9c88 Mon Sep 17 00:00:00 2001 From: zeertzjq Date: Fri, 4 Jul 2025 16:12:18 +0800 Subject: [PATCH] Search completion may use invalid memory Problem: Search completion may use invalid memory (after 9.1.1490). Solution: Don't get two line pointers at the same time. --- src/cmdexpand.c | 6 ++---- src/testdir/test_cmdline.vim | 1 + 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/cmdexpand.c b/src/cmdexpand.c index f7a5f5cc63..35681a0ac1 100644 --- a/src/cmdexpand.c +++ b/src/cmdexpand.c @@ -4609,14 +4609,11 @@ copy_substring_from_pos(pos_T *start, pos_T *end, char_u **match, || (start->lnum == end->lnum && start->col >= end->col)) return FAIL; // invalid range - // Get line pointers - start_line = ml_get(start->lnum); - end_line = ml_get(end->lnum); - // Use a growable string (ga) ga_init2(&ga, 1, 128); // Append start line from start->col to end + start_line = ml_get(start->lnum); char_u *start_ptr = start_line + start->col; int is_single_line = start->lnum == end->lnum; @@ -4643,6 +4640,7 @@ copy_substring_from_pos(pos_T *start, pos_T *end, char_u **match, } // Append partial end line (up to word end) + end_line = ml_get(end->lnum); word_end = find_word_end(end_line + end->col); segment_len = (int)(word_end - end_line); if (ga_grow(&ga, segment_len) != OK) diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim index 9ebeb0f44a..870effec6a 100644 --- a/src/testdir/test_cmdline.vim +++ b/src/testdir/test_cmdline.vim @@ -4493,6 +4493,7 @@ func Test_search_wildmenu_screendump() CheckScreendump let lines =<< trim [SCRIPT] + call test_override('alloc_lines', 1) set wildmenu wildcharm= call setline(1, ['the', 'these', 'the', 'foobar', 'thethe', 'thethere']) [SCRIPT]