diff options
| author | zeertzjq <zeertzjq@outlook.com> | 2024-04-02 19:01:14 +0200 |
|---|---|---|
| committer | Christian Brabandt <cb@256bit.org> | 2024-04-02 19:01:14 +0200 |
| commit | 0a419e07a705675ac159218f42c1daa151d2ceea (patch) | |
| tree | 43c75a9a601261ce0ffbf07062e6e07baa2b57f9 /src/testdir | |
| parent | 6c9f4f98f1cda3793406724a260cd651210a5d0d (diff) | |
patch 9.1.0254: [security]: Heap buffer overflow when calling complete_add() in 'cfu'v9.1.0254
Problem: [security]: Heap buffer overflow when calling complete_add()
in the first call of 'completefunc'
Solution: Call check_cursor() after calling 'completefunc' (zeertzjq)
closes: #14391
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src/testdir')
| -rw-r--r-- | src/testdir/test_ins_complete.vim | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/testdir/test_ins_complete.vim b/src/testdir/test_ins_complete.vim index 376d82ff55..eb89a15c53 100644 --- a/src/testdir/test_ins_complete.vim +++ b/src/testdir/test_ins_complete.vim @@ -2429,4 +2429,26 @@ func Test_complete_changed_complete_info() call StopVimInTerminal(buf) endfunc +func Test_completefunc_first_call_complete_add() + new + + func Complete(findstart, base) abort + if a:findstart + let col = col('.') + call complete_add('#') + return col - 1 + else + return [] + endif + endfunc + + set completeopt=longest completefunc=Complete + " This used to cause heap-buffer-overflow + call assert_fails('call feedkeys("ifoo#\<C-X>\<C-U>", "xt")', 'E840:') + + delfunc Complete + set completeopt& completefunc& + bwipe! +endfunc + " vim: shiftwidth=2 sts=2 expandtab nofoldenable |