From b9e717367c395490149495cf375911b5d9de889e Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sat, 23 Jul 2022 06:53:08 +0100
Subject: patch 9.0.0060: accessing uninitialized memory when completing long
 line

Problem:    Accessing uninitialized memory when completing long line.
Solution:   Terminate string with NUL.
---
 src/insexpand.c                   | 1 +
 src/testdir/test_ins_complete.vim | 7 +++++++
 src/version.c                     | 2 ++
 3 files changed, 10 insertions(+)

(limited to 'src')

diff --git a/src/insexpand.c b/src/insexpand.c
index b49a631a6b..c505158a1d 100644
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -642,6 +642,7 @@ ins_compl_infercase_gettext(
 	    // growarray.  Add the character in the next round.
 	    if (ga_grow(&gap, IOSIZE) == FAIL)
 		return (char_u *)"[failed]";
+	    *p = NUL;
 	    STRCPY(gap.ga_data, IObuff);
 	    gap.ga_len = (int)STRLEN(IObuff);
 	}
diff --git a/src/testdir/test_ins_complete.vim b/src/testdir/test_ins_complete.vim
index 2be6d06020..7bebc5d8a9 100644
--- a/src/testdir/test_ins_complete.vim
+++ b/src/testdir/test_ins_complete.vim
@@ -2108,6 +2108,13 @@ func Test_infercase_very_long_line()
   exe "normal 2Go\<C-X>\<C-L>\<Esc>"
   call assert_equal(longLine, getline(3))
 
+  " check that the too long text is NUL terminated
+  %del
+  norm o
+  norm 1987ax
+  exec "norm ox\<C-X>\<C-L>"
+  call assert_equal(repeat('x', 1987), getline(3))
+
   bwipe!
   set noic noinfercase
 endfunc
diff --git a/src/version.c b/src/version.c
index b57ab6985f..b6e61f50ef 100644
--- a/src/version.c
+++ b/src/version.c
@@ -735,6 +735,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    60,
 /**/
     59,
 /**/
-- 
cgit v1.2.3