Skip to content

Commit

Permalink
Problem: qsort may deref NULL pointer
Browse files Browse the repository at this point in the history
Problem: qsort may deref NULL pointer if there was no fuzzy score for
         all candidates
Solution: Check that fuzzy_indices contains some values
  • Loading branch information
chrisbra committed Jul 19, 2024
1 parent 5ad0199 commit c54072b
Showing 1 changed file with 12 additions and 7 deletions.
19 changes: 12 additions & 7 deletions src/insexpand.c
Original file line number Diff line number Diff line change
Expand Up @@ -3588,16 +3588,21 @@ get_next_filename_completion(void)
}
}

fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), compare_scores);
// prevent qsort from deref NULL pointer
if (fuzzy_indices.ga_len > 0)
{
fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), compare_scores);

sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);
for (i = 0; i < fuzzy_indices.ga_len; ++i)
sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);

sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);
for (i = 0; i < fuzzy_indices.ga_len; ++i)
sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
matches = sorted_matches;
num_matches = fuzzy_indices.ga_len;
}

FreeWild(num_matches, matches);
matches = sorted_matches;
num_matches = fuzzy_indices.ga_len;
vim_free(compl_fuzzy_scores);
ga_clear(&fuzzy_indices);
}
Expand Down

0 comments on commit c54072b

Please sign in to comment.