Fix <c-r> use-after-free InsertCompletionHide touches used register

Before performing the insertion, InsertCompleter::insert calls
try_accept() to accept any selected completion candidate.  If there
is one, we fire InsertCompletionHide. If that one modifies the register
used by <c-r>, the inserted StringViews will be dangling.

Fix this by running try_insert first, and read from the register later.
Note that we call try_accept() twice but that's fine.

It would probably make more sense to copy the register before calling
insert() but I don't think it matters.

Closes #5220

1 files changed, 9 insertions, 1 deletions

diff --git a/src/input_handler.cc b/src/input_handler.cc
index aa43783e..85a8fbc1 100644
--- a/src/input_handler.cc
+++ b/src/input_handler.cc
@@ -15,6 +15,7 @@
 #include "window.hh"
 #include "word_db.hh"
 
+#include <concepts>
 #include <utility>
 #include <limits>
 
@@ -1310,7 +1311,7 @@ public:
                     auto cp = key.codepoint();
                     if (not cp or key == Key::Escape)
                         return;
-                    insert(RegisterManager::instance()[*cp].get(context()));
+                    insert([&] { return RegisterManager::instance()[*cp].get(context()); });
                 }, "enter register name", register_doc.str());
             update_completions = false;
         }
@@ -1430,6 +1431,13 @@ private:
         }, false);
     }
 
+    template<std::invocable Func>
+    void insert(Func&& lazy_strings)
+    {
+        m_completer.try_accept();
+        insert(std::forward<Func>(lazy_strings)());
+    }
+
     void insert(Codepoint key)
     {
         String str{key};