From e8948a1f807cb595446e896e00bdf0e5339f0dd2 Mon Sep 17 00:00:00 2001
From: ashamedbit
Date: Tue, 26 Aug 2025 17:43:18 +0200
Subject: [PATCH] patch 9.1.1690: Missing recursion guard in dos/unix_expandpath()

Problem: Missing recursion guard in dos/unix_expandpath()
Solution: Add guard variables (ashamedbit)
fixes: #18099
closes: #18106
Co-authored-by: Hirohito Higashi
Signed-off-by: ashamedbit
Signed-off-by: Christian Brabandt
---
 src/filepath.c | 22 ++++++++++++++++------
 src/version.c | 2 ++
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/filepath.c b/src/filepath.c
index 7d115eeda6..d8a1dce742 100644
--- a/src/filepath.c
+++ b/src/filepath.c
@@ -3709,9 +3709,14 @@ dos_expandpath(
 vim_snprintf((char *)buf + len, buflen - len, "%s", path_end);
 if (mch_has_exp_wildcard(path_end))
 {
- // need to expand another component of the path
- // remove backslashes for the remaining components only
- (void)dos_expandpath(gap, buf, len + 1, flags, FALSE);
+ if (stardepth < 100)
+ {
+ // need to expand another component of the path
+ // remove backslashes for the remaining components only
+ ++stardepth;
+ (void)dos_expandpath(gap, buf, len + 1, flags, FALSE);
+ --stardepth;
+ }
 }
 else
 {
@@ -3950,9 +3955,14 @@ unix_expandpath(
 vim_snprintf((char *)buf + len, buflen - len, "%s", path_end);
 if (mch_has_exp_wildcard(path_end)) // handle more wildcards
 {
- // need to expand another component of the path
- // remove backslashes for the remaining components only
- (void)unix_expandpath(gap, buf, len + 1, flags, FALSE);
+ if (stardepth < 100)
+ {
+ // need to expand another component of the path
+ // remove backslashes for the remaining components only
+ ++stardepth;
+ (void)unix_expandpath(gap, buf, len + 1, flags, FALSE);
+ --stardepth;
+ }
 }
 else
 {
diff --git a/src/version.c b/src/version.c
index bedb8ec0bd..b0ce4f3110 100644
--- a/src/version.c
+++ b/src/version.c
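Review bot: When the new `if (stardepth < 100)` guard in dos_expandpath() trips, the remaining path components are simply not expanded and nothing is reported, so the caller cannot tell a depth-truncated expansion from a pattern that matched nothing; the identical guard in the unix_expandpath() hunk behaves the same way. A comment at the guard would record the intent, for example `// limit recursion depth so an overly deep wildcard pattern cannot exhaust the stack; deeper components are left unexpanded`. The literal `100` is now repeated in both functions, and a single named constant (say `#define EXPAND_MAX_DEPTH 100`, the name is only a suggestion) would keep the two limits in step. `stardepth` is declared outside both hunks and its name suggests it also tracks "**" depth, so the two kinds of recursion presumably draw on one budget, which is worth confirming as intended. Both function bodies start and end outside the hunks.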
@@ -724,6 +724,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 { /* Add new patch number below this line */
+/**/
+ 1690,
 /**/
 1689,
 /**/