From 2b1ddf19f8f14365d0b998b4ac12ca85c0923475 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 21 Sep 2022 11:21:57 +0100
Subject: patch 9.0.0527: long sign text may overflow buffer

Problem:    Long sign text may overflow buffer.
Solution:   Use a larger buffer.  Prevent for overflow.
---
 src/drawline.c             | 12 +++++++-----
 src/testdir/test_signs.vim | 14 ++++++++++++++
 src/version.c              |  2 ++
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/src/drawline.c b/src/drawline.c
index c423756178..c77f88848c 100644
--- a/src/drawline.c
+++ b/src/drawline.c
@@ -124,7 +124,9 @@ typedef struct {
     int		saved_c_final;
     int		saved_char_attr;
 
-    char_u	extra[21];		// "%ld " and 'fdc' must fit in here
+    char_u	extra[NUMBUFLEN + MB_MAXBYTES];
+				// "%ld " and 'fdc' must fit in here, as well
+				// any text sign
 
 #ifdef FEAT_DIFF
     hlf_T	diff_hlf;	// type of diff highlighting
@@ -259,13 +261,13 @@ get_sign_display_info(
 		{
 		    if (nrcol)
 		    {
-			int n, width = number_width(wp) - 2;
+			int width = number_width(wp) - 2;
+			int n;
 
 			for (n = 0; n < width; n++)
 			    wlv->extra[n] = ' ';
-			wlv->extra[n] = 0;
-			STRCAT(wlv->extra, wlv->p_extra);
-			STRCAT(wlv->extra, " ");
+			vim_snprintf((char *)wlv->extra + n,
+				  sizeof(wlv->extra) - n, "%s ", wlv->p_extra);
 			wlv->p_extra = wlv->extra;
 		    }
 		    wlv->c_extra = NUL;
diff --git a/src/testdir/test_signs.vim b/src/testdir/test_signs.vim
index 790d9b4379..3a99a9b8fb 100644
--- a/src/testdir/test_signs.vim
+++ b/src/testdir/test_signs.vim
@@ -196,6 +196,20 @@ func Test_sign()
 			  \ bufnr('%'), 'E155:')
 endfunc
 
+func Test_sign_many_bytes()
+  new
+  set signcolumn=number
+  set number
+  call setline(1, 'some text')
+  " composing characters can use many bytes, check for overflow
+  sign define manyBytes text=▶᷄᷅᷆◀᷄᷅᷆᷇
+  sign place 17 line=1 name=manyBytes
+  redraw
+
+  bwipe!
+  sign undefine manyBytes
+endfunc
+
 " Undefining placed sign is not recommended.
 " Quoting :help sign
 "
diff --git a/src/version.c b/src/version.c
index 76955bbdcc..21ff87dc3b 100644
--- a/src/version.c
+++ b/src/version.c
@@ -699,6 +699,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    527,
 /**/
     526,
 /**/
-- 
cgit v1.2.3