From b9e717367c395490149495cf375911b5d9de889e Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sat, 23 Jul 2022 06:53:08 +0100
Subject: [PATCH] patch 9.0.0060: accessing uninitialized memory when
 completing long line

Problem:    Accessing uninitialized memory when completing long line.
Solution:   Terminate string with NUL.
---
 src/insexpand.c                   | 1 +
 src/testdir/test_ins_complete.vim | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/src/insexpand.c b/src/insexpand.c
index b1114b5..88dbac6 100644
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -526,6 +526,7 @@ ins_compl_infercase_gettext(
 	    // growarray.  Add the character in the next round.
 	    if (ga_grow(&gap, IOSIZE) == FAIL)
 		return (char_u *)"[failed]";
+	    *p = NUL;
 	    STRCPY(gap.ga_data, IObuff);
 	    gap.ga_len = (int)STRLEN(IObuff);
 	}
diff --git a/src/testdir/test_ins_complete.vim b/src/testdir/test_ins_complete.vim
index aa054f2..5e7353c 100644
--- a/src/testdir/test_ins_complete.vim
+++ b/src/testdir/test_ins_complete.vim
@@ -408,6 +408,13 @@ func Test_infercase_very_long_line()
   exe "normal 2Go\<C-X>\<C-L>\<Esc>"
   call assert_equal(longLine, getline(3))
 
+  " check that the too long text is NUL terminated
+  %del
+  norm o
+  norm 1987ax
+  exec "norm ox\<C-X>\<C-L>"
+  call assert_equal(repeat('x', 1987), getline(3))
+
   bwipe!
   set noic noinfercase
 endfunc
-- 
2.27.0