patch 9.1.0254: [security]: Heap buffer overflow when calling complete_add() in 'cfu' Problem: [security]: Heap buffer overflow when calling complete_add() in the first call of 'completefunc' Solution: Call check_cursor() after calling 'completefunc' (zeertzjq) closes: #14391 Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>

commit: 0a419e07a705675ac159218f42c1daa151d2ceea [log] [tgz]
author: zeertzjq <zeertzjq@outlook.com> Tue Apr 02 19:01:14 2024 +0200
committer: Christian Brabandt <cb@256bit.org> Tue Apr 02 19:01:14 2024 +0200
tree: 43c75a9a601261ce0ffbf07062e6e07baa2b57f9
parent: 6c9f4f98f1cda3793406724a260cd651210a5d0d [diff] [blame]
diff --git a/src/insexpand.c b/src/insexpand.c
index 9b5e5de..93a56a8 100644
--- a/src/insexpand.c
+++ b/src/insexpand.c

@@ -2741,6 +2741,7 @@
     --textlock;
 
     curwin->w_cursor = pos;	// restore the cursor position
+    check_cursor();  // make sure cursor position is valid, just in case
     validate_cursor();
     if (!EQUAL_POS(curwin->w_cursor, pos))
     {
@@ -4606,6 +4607,7 @@
 
     State = save_State;
     curwin->w_cursor = pos;	// restore the cursor position
+    check_cursor();  // make sure cursor position is valid, just in case
     validate_cursor();
     if (!EQUAL_POS(curwin->w_cursor, pos))
     {
commit	0a419e07a705675ac159218f42c1daa151d2ceea	[log] [tgz]
author	zeertzjq <zeertzjq@outlook.com>	Tue Apr 02 19:01:14 2024 +0200
committer	Christian Brabandt <cb@256bit.org>	Tue Apr 02 19:01:14 2024 +0200
tree	43c75a9a601261ce0ffbf07062e6e07baa2b57f9
parent	6c9f4f98f1cda3793406724a260cd651210a5d0d [diff] [blame]