patch 9.0.1848: [security] buffer-overflow in vim_regsub_both() Problem: buffer-overflow in vim_regsub_both() Solution: Check remaining space Signed-off-by: Christian Brabandt <cb@256bit.org>

commit: ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 [log] [tgz]
author: Christian Brabandt <cb@256bit.org> Sat Sep 02 21:15:52 2023 +0200
committer: Christian Brabandt <cb@256bit.org> Sat Sep 02 21:37:04 2023 +0200
tree: 9576ca9f0aa1d127ed8d06821375b6d2de50fd5a
parent: 889f6af37164775192e33b233a90e86fd3df0f57 [diff]
diff --git a/src/testdir/crash/vim_regsub_both b/src/testdir/crash/vim_regsub_both
new file mode 100644
index 0000000..a82b205
--- /dev/null
+++ b/src/testdir/crash/vim_regsub_both

@@ -0,0 +1,10 @@
+fu R()
+sil!norm0z=
+endf
+cal R()
+s/\%')/\=R()
+d
+no0 normyynore sm:vs0@vvvvvvvvvvse()dir(¼Xtest=csd{so88
+vs
+0scr
+so
commit	ced2c7394aafdc90fb7845e09b3a3fee23d48cb1	[log] [tgz]
author	Christian Brabandt <cb@256bit.org>	Sat Sep 02 21:15:52 2023 +0200
committer	Christian Brabandt <cb@256bit.org>	Sat Sep 02 21:37:04 2023 +0200
tree	9576ca9f0aa1d127ed8d06821375b6d2de50fd5a
parent	889f6af37164775192e33b233a90e86fd3df0f57 [diff]