patch 9.0.1858: [security] heap use after free in ins_compl_get_exp() Problem: heap use after free in ins_compl_get_exp() Solution: validate buffer before accessing it Signed-off-by: Christian Brabandt <cb@256bit.org>

commit: ee9166eb3b41846661a39b662dc7ebe8b5e15139 [log] [tgz]
author: Christian Brabandt <cb@256bit.org> Sun Sep 03 21:24:33 2023 +0200
committer: Christian Brabandt <cb@256bit.org> Sun Sep 03 21:24:33 2023 +0200
tree: 05f2a8a49b5a322d7f5d3840366e764ebcb7c0c5
parent: fc68299d436cf87453e432daa77b6d545df4d7ed [diff] [blame]
diff --git a/src/insexpand.c b/src/insexpand.c
index 3cfdfac..b767b4e 100644
--- a/src/insexpand.c
+++ b/src/insexpand.c

@@ -3850,7 +3850,7 @@
 	else
 	{
 	    // Mark a buffer scanned when it has been scanned completely
-	    if (type == 0 || type == CTRL_X_PATH_PATTERNS)
+	    if (buf_valid(st.ins_buf) && (type == 0 || type == CTRL_X_PATH_PATTERNS))
 		st.ins_buf->b_scanned = TRUE;
 
 	    compl_started = FALSE;
commit	ee9166eb3b41846661a39b662dc7ebe8b5e15139	[log] [tgz]
author	Christian Brabandt <cb@256bit.org>	Sun Sep 03 21:24:33 2023 +0200
committer	Christian Brabandt <cb@256bit.org>	Sun Sep 03 21:24:33 2023 +0200
tree	05f2a8a49b5a322d7f5d3840366e764ebcb7c0c5
parent	fc68299d436cf87453e432daa77b6d545df4d7ed [diff] [blame]