updated for version 7.2.439
Problem: Invalid memory access when doing thesaurus completion and
'infercase' is set.
Solution: Use the minimal length of completed word and replacement.
(Dominique Pelle)
diff --git a/src/edit.c b/src/edit.c
index 33e580f..a84f32e 100644
--- a/src/edit.c
+++ b/src/edit.c
@@ -2164,6 +2164,7 @@
int i, c;
int actual_len; /* Take multi-byte characters */
int actual_compl_length; /* into account. */
+ int min_len;
int *wca; /* Wide character array. */
int has_lower = FALSE;
int was_letter = FALSE;
@@ -2204,6 +2205,11 @@
#endif
actual_compl_length = compl_length;
+ /* "actual_len" may be smaller than "actual_compl_length" when using
+ * thesaurus, only use the minimum when comparing. */
+ min_len = actual_len < actual_compl_length
+ ? actual_len : actual_compl_length;
+
/* Allocate wide character array for the completion and fill it. */
wca = (int *)alloc((unsigned)(actual_len * sizeof(int)));
if (wca != NULL)
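Review bot: The comment added above `min_len` says the minimum is used only "when comparing", but the same bound is also applied to the loop under "Copy the original case of the part we typed" (the last edit.c hunk), which by its own comment copies rather than compares. What makes the fix safe is that `wca` is allocated with `actual_len` elements on the line just below, so an index into it must stay under `actual_len`, while `p` may walk `compl_orig_text` for at most `actual_compl_length` characters. I would state that invariant instead, e.g. `/* "actual_len" may be smaller than "actual_compl_length" when using thesaurus; never index wca[] or walk compl_orig_text past the shorter of the two. */`. The loop bodies lie outside the visible hunks, so the `wca[i]` accesses are inferred from the allocation and the loop comments, and the enclosing function starts and ends outside this hunk.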
@@ -2219,7 +2225,7 @@
/* Rule 1: Were any chars converted to lower? */
p = compl_orig_text;
- for (i = 0; i < actual_compl_length; ++i)
+ for (i = 0; i < min_len; ++i)
{
#ifdef FEAT_MBYTE
if (has_mbyte)
@@ -2247,7 +2253,7 @@
if (!has_lower)
{
p = compl_orig_text;
- for (i = 0; i < actual_compl_length; ++i)
+ for (i = 0; i < min_len; ++i)
{
#ifdef FEAT_MBYTE
if (has_mbyte)
@@ -2268,7 +2274,7 @@
/* Copy the original case of the part we typed. */
p = compl_orig_text;
- for (i = 0; i < actual_compl_length; ++i)
+ for (i = 0; i < min_len; ++i)
{
#ifdef FEAT_MBYTE
if (has_mbyte)
diff --git a/src/version.c b/src/version.c
index 31a49be..f2a5992 100644
--- a/src/version.c
+++ b/src/version.c
@@ -682,6 +682,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 439,
+/**/
438,
/**/
437,