patch 8.2.3915: illegal memory access when completing with invalid bytes
Problem: illegal memory access when completing with invalid bytes.
Solution: Avoid going over the end of the completion text.
diff --git a/src/insexpand.c b/src/insexpand.c
index b0319a2..9fb7fb7 100644
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -3437,7 +3437,12 @@
void
ins_compl_insert(int in_compl_func)
{
- ins_bytes(compl_shown_match->cp_str + ins_compl_len());
+ int compl_len = ins_compl_len();
+
+ // Make sure we don't go over the end of the string, this can happen with
+ // illegal bytes.
+ if (compl_len < (int)STRLEN(compl_shown_match->cp_str))
+ ins_bytes(compl_shown_match->cp_str + compl_len);
if (compl_shown_match->cp_flags & CP_ORIGINAL_TEXT)
compl_used_match = FALSE;
else
diff --git a/src/testdir/test_ins_complete.vim b/src/testdir/test_ins_complete.vim
index e3d23e7..f775c1c 100644
--- a/src/testdir/test_ins_complete.vim
+++ b/src/testdir/test_ins_complete.vim
@@ -103,6 +103,19 @@
call delete('Xdir', 'rf')
endfunc
+func Test_ins_complete_invalid_byte()
+ if has('unix') && executable('base64')
+ " this weird command was causing an illegal memory access
+ call writefile(['bm9ybTlvMDCAMM4Dbw4OGA4ODg=='], 'Xinvalid64')
+ call system('base64 -d Xinvalid64 > Xinvalid')
+ call writefile(['qa!'], 'Xexit')
+ call RunVim([], [], " -i NONE -n -X -Z -e -m -s -S Xinvalid -S Xexit")
+ call delete('Xinvalid64')
+ call delete('Xinvalid')
+ call delete('Xexit')
+ endif
+endfunc
+
func Test_omni_dash()
func Omni(findstart, base)
if a:findstart
diff --git a/src/version.c b/src/version.c
index 7dd9b49..7b454a6 100644
--- a/src/version.c
+++ b/src/version.c
@@ -750,6 +750,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 3915,
+/**/
3914,
/**/
3913,