diff options
| author | Bram Moolenaar <Bram@vim.org> | 2021-10-08 18:39:28 +0100 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2021-10-08 18:39:28 +0100 |
| commit | 826bfe4bbd7594188e3d74d2539d9707b1c6a14b (patch) | |
| tree | 56be5520dccdd31b124c6534bdeece6446e3bf9b | |
| parent | cce81e9673fe8d056e8eef310d9919620eccb2f2 (diff) | |
patch 8.2.3487: illegal memory access if buffer name is very longv8.2.3487
Problem: Illegal memory access if buffer name is very long.
Solution: Make sure not to go over the end of the buffer.
| -rw-r--r-- | src/drawscreen.c | 10 | ||||
| -rw-r--r-- | src/testdir/test_statusline.vim | 10 | ||||
| -rw-r--r-- | src/version.c | 2 |
3 files changed, 17 insertions, 5 deletions
diff --git a/src/drawscreen.c b/src/drawscreen.c index 82e53753bf..e38ca95863 100644 --- a/src/drawscreen.c +++ b/src/drawscreen.c @@ -464,13 +464,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) *(p + len++) = ' '; if (bt_help(wp->w_buffer)) { - STRCPY(p + len, _("[Help]")); + vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]")); len += (int)STRLEN(p + len); } #ifdef FEAT_QUICKFIX if (wp->w_p_pvw) { - STRCPY(p + len, _("[Preview]")); + vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]")); len += (int)STRLEN(p + len); } #endif @@ -480,12 +480,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED) #endif ) { - STRCPY(p + len, "[+]"); - len += 3; + vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]"); + len += (int)STRLEN(p + len); } if (wp->w_buffer->b_p_ro) { - STRCPY(p + len, _("[RO]")); + vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]")); len += (int)STRLEN(p + len); } diff --git a/src/testdir/test_statusline.vim b/src/testdir/test_statusline.vim index f3eea2e71e..a952de69b9 100644 --- a/src/testdir/test_statusline.vim +++ b/src/testdir/test_statusline.vim @@ -522,4 +522,14 @@ func Test_statusline_mbyte_fillchar() %bw! endfunc +" Used to write beyond allocated memory. This assumes MAXPATHL is 4096 bytes. +func Test_statusline_verylong_filename() + let fname = repeat('x', 4090) + exe "new " .. fname + set buftype=help + set previewwindow + redraw + bwipe! +endfunc + " vim: shiftwidth=2 sts=2 expandtab diff --git a/src/version.c b/src/version.c index 4c66b2425e..06421bb0f2 100644 --- a/src/version.c +++ b/src/version.c @@ -758,6 +758,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 3487, +/**/ 3486, /**/ 3485, |