patch 8.0.1409: buffer overflow in :tags commandv8.0.1409

Problem: Buffer overflow in :tags command. Solution: Use vim_snprintf(). (Dominique Pelle, closes #2471, closes #2475) Add a test.
author: Bram Moolenaar <Bram@vim.org> 2017-12-19 10:49:34 +0100
committer: Bram Moolenaar <Bram@vim.org> 2017-12-19 10:49:34 +0100
commit: 132f75255ecea17ff621f71236568c5d8d8e0163 (patch)
tree: af7203ab755b6791024264f285c1bd1bde4c404d
parent: a0ca7d002d4efcf4bce0af6943146a339677ed3d (diff)
3 files changed, 9 insertions, 2 deletions
diff --git a/src/tag.c b/src/tag.c
index 0233822c1d..3d18a41ebb 100644
--- a/src/tag.c
+++ b/src/tag.c
@@ -1130,7 +1130,7 @@ do_tags(exarg_T *eap UNUSED)
 		continue;
 
 	    msg_putchar('\n');
-	    sprintf((char *)IObuff, "%c%2d %2d %-15s %5ld  ",
+	    vim_snprintf((char *)IObuff, IOSIZE, "%c%2d %2d %-15s %5ld  ",
 		i == tagstackidx ? '>' : ' ',
 		i + 1,
 		tagstack[i].cur_match + 1,
diff --git a/src/testdir/test_taglist.vim b/src/testdir/test_taglist.vim
index 2d1557ebd9..3ad2025915 100644
--- a/src/testdir/test_taglist.vim
+++ b/src/testdir/test_taglist.vim
@@ -1,4 +1,4 @@
-" test 'taglist' function
+" test 'taglist' function and :tags command
 
 func Test_taglist()
   call writefile([
@@ -56,3 +56,8 @@ func Test_taglist_ctags_etags()
 
   call delete('Xtags')
 endfunc
+
+func Test_tags_too_long()
+  call assert_fails('tag ' . repeat('x', 1020), 'E426')
+  tags
+endfunc
diff --git a/src/version.c b/src/version.c
index ed86ef6034..97f0d66ca9 100644
--- a/src/version.c
+++ b/src/version.c
@@ -772,6 +772,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1409,
+/**/
     1408,
 /**/
     1407,
author	Bram Moolenaar <Bram@vim.org>	2017-12-19 10:49:34 +0100
committer	Bram Moolenaar <Bram@vim.org>	2017-12-19 10:49:34 +0100
commit	132f75255ecea17ff621f71236568c5d8d8e0163 (patch)
tree	af7203ab755b6791024264f285c1bd1bde4c404d
parent	a0ca7d002d4efcf4bce0af6943146a339677ed3d (diff)