Commit: patch 9.1.0700: crash with 2byte encoding and glob2regpat()

[Christian Brabandt]

patch 9.1.0700: crash with 2byte encoding and glob2regpat()

Commit: 
https://github.com/vim/vim/commit/1c815b54bbaf872c271d58043e51e56b908c1a20
Author: Christian Brabandt <c...@256bit.org>
Date:   Wed Aug 28 22:08:35 2024 +0200

    patch 9.1.0700: crash with 2byte encoding and glob2regpat()
    
    Problem:  possible crash with 2byte encoding and glob2regpat()
    Solution: Skip over character, if it is multi-byte character
    
    Signed-off-by: Christian Brabandt <c...@256bit.org>

diff --git a/src/fileio.c b/src/fileio.c
index d27a1727e..890eac785 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -5714,7 +5714,8 @@ file_pat_to_reg_pat(
                                )
                            *allow_dirs = TRUE;
                        reg_pat[i++] = '\';
-                       reg_pat[i++] = *p;
+                       if (enc_dbcs != 0 && (*mb_ptr2len)(p) > 1)
+                           reg_pat[i++] = *p++;
                    }
                break;
 #ifdef BACKSLASH_IN_FILENAME
diff --git a/src/testdir/crash/heap_overflow_glob2regpat 
b/src/testdir/crash/heap_overflow_glob2regpat
new file mode 100644
index 
0000000000000000000000000000000000000000..8baf6f32533cc548c58dcc6152292e7f23b59345
GIT binary patch
literal 200
zcmcC2PE|<FOU_Tp%uBa5N~$bL)h#Va)Ai#j$;?SjE!Iln)-J4JV5sLR%Zq9M|B0)Z
zg@r{=&lX6saImoP@MtjG`tnp+cI4)y2!H`Y8CMDe!^0G=yqLEQhB{n9)gU0ikd|MP
zld3S2aW<DoZgw$Ou1YF%X3=kk|0-NLNsJ5(3_zjQR3@kY|GAPB>#D1BlJZN6GSf3k
rRI7uSU!=tR*U|d#6YSGdV3^ndRGpcdn8VN=mRed`8eCdh5W@`sxUN5Z

literal 0
HcmV?d00001

diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim
index b3348761c..e741a18b4 100644
--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim
@@ -222,6 +222,12 @@ func Test_crash1_3()
   call term_sendkeys(buf, args)
   call TermWait(buf, 150)
 
+  let file = 'crash/heap_overflow_glob2regpat'
+  let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+  let args = printf(cmn_args, vim, file)
+  call term_sendkeys(buf, args)
+  call TermWait(buf, 50)
+
 
   " clean up
   exe buf .. "bw!"
diff --git a/src/version.c b/src/version.c
index 100a1ae70..59bd3fcdc 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    700,
 /**/
     699,
 /**/

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/vim_dev/E1sjP4J-00EBYe-0u%40256bit.org.