patch 8.0.1047: buffer overflow in Rubyv8.0.1047

Problem: Buffer overflow in Ruby. Solution: Allocate one more byte. (Dominique Pelle)
author: Bram Moolenaar <Bram@vim.org> 2017-09-03 15:17:48 +0200
committer: Bram Moolenaar <Bram@vim.org> 2017-09-03 15:17:48 +0200
commit: 00ccf54630dc68a9b8aedb92b268f3b697081f68 (patch)
tree: 22c23c284f264a80d2de617b2b60bf1bbd61a94e
parent: ae96b8d058cffd9d07b78cb7a9ccd382185b9dd6 (diff)
2 files changed, 3 insertions, 1 deletions
diff --git a/src/if_ruby.c b/src/if_ruby.c
index 02b59dd14a..d38ed2fbb1 100644
--- a/src/if_ruby.c
+++ b/src/if_ruby.c
@@ -984,7 +984,7 @@ static VALUE vim_message(VALUE self UNUSED, VALUE str)
     if (RSTRING_LEN(str) > 0)
     {
 	/* Only do this when the string isn't empty, alloc(0) causes trouble. */
-	buff = ALLOCA_N(char, RSTRING_LEN(str));
+	buff = ALLOCA_N(char, RSTRING_LEN(str) + 1);
 	strcpy(buff, RSTRING_PTR(str));
 	p = strchr(buff, '\n');
 	if (p) *p = '\0';
diff --git a/src/version.c b/src/version.c
index a57e11f5b7..2034504ccc 100644
--- a/src/version.c
+++ b/src/version.c
@@ -770,6 +770,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1047,
+/**/
     1046,
 /**/
     1045,
author	Bram Moolenaar <Bram@vim.org>	2017-09-03 15:17:48 +0200
committer	Bram Moolenaar <Bram@vim.org>	2017-09-03 15:17:48 +0200
commit	00ccf54630dc68a9b8aedb92b268f3b697081f68 (patch)
tree	22c23c284f264a80d2de617b2b60bf1bbd61a94e
parent	ae96b8d058cffd9d07b78cb7a9ccd382185b9dd6 (diff)