diff options
author | Bram Moolenaar <Bram@vim.org> | 2017-12-19 10:49:34 +0100 |
---|---|---|
committer | Bram Moolenaar <Bram@vim.org> | 2017-12-19 10:49:34 +0100 |
commit | 132f75255ecea17ff621f71236568c5d8d8e0163 (patch) | |
tree | af7203ab755b6791024264f285c1bd1bde4c404d | |
parent | a0ca7d002d4efcf4bce0af6943146a339677ed3d (diff) |
patch 8.0.1409: buffer overflow in :tags commandv8.0.1409
Problem: Buffer overflow in :tags command.
Solution: Use vim_snprintf(). (Dominique Pelle, closes #2471, closes #2475)
Add a test.
-rw-r--r-- | src/tag.c | 2 | ||||
-rw-r--r-- | src/testdir/test_taglist.vim | 7 | ||||
-rw-r--r-- | src/version.c | 2 |
3 files changed, 9 insertions, 2 deletions
@@ -1130,7 +1130,7 @@ do_tags(exarg_T *eap UNUSED) continue; msg_putchar('\n'); - sprintf((char *)IObuff, "%c%2d %2d %-15s %5ld ", + vim_snprintf((char *)IObuff, IOSIZE, "%c%2d %2d %-15s %5ld ", i == tagstackidx ? '>' : ' ', i + 1, tagstack[i].cur_match + 1, diff --git a/src/testdir/test_taglist.vim b/src/testdir/test_taglist.vim index 2d1557ebd9..3ad2025915 100644 --- a/src/testdir/test_taglist.vim +++ b/src/testdir/test_taglist.vim @@ -1,4 +1,4 @@ -" test 'taglist' function +" test 'taglist' function and :tags command func Test_taglist() call writefile([ @@ -56,3 +56,8 @@ func Test_taglist_ctags_etags() call delete('Xtags') endfunc + +func Test_tags_too_long() + call assert_fails('tag ' . repeat('x', 1020), 'E426') + tags +endfunc diff --git a/src/version.c b/src/version.c index ed86ef6034..97f0d66ca9 100644 --- a/src/version.c +++ b/src/version.c @@ -772,6 +772,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1409, +/**/ 1408, /**/ 1407, |