To: vim_dev@googlegroups.com Subject: Patch 8.2.3487 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.3487 Problem: Illegal memory access if buffer name is very long. Solution: Make sure not to go over the end of the buffer. Files: src/drawscreen.c, src/testdir/test_statusline.vim *** ../vim-8.2.3486/src/drawscreen.c 2021-08-03 17:33:04.647157875 +0100 --- src/drawscreen.c 2021-10-08 18:37:50.413891712 +0100 *************** *** 464,476 **** *(p + len++) = ' '; if (bt_help(wp->w_buffer)) { ! STRCPY(p + len, _("[Help]")); len += (int)STRLEN(p + len); } #ifdef FEAT_QUICKFIX if (wp->w_p_pvw) { ! STRCPY(p + len, _("[Preview]")); len += (int)STRLEN(p + len); } #endif --- 464,476 ---- *(p + len++) = ' '; if (bt_help(wp->w_buffer)) { ! vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]")); len += (int)STRLEN(p + len); } #ifdef FEAT_QUICKFIX if (wp->w_p_pvw) { ! vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]")); len += (int)STRLEN(p + len); } #endif *************** *** 480,491 **** #endif ) { ! STRCPY(p + len, "[+]"); ! len += 3; } if (wp->w_buffer->b_p_ro) { ! STRCPY(p + len, _("[RO]")); len += (int)STRLEN(p + len); } --- 480,491 ---- #endif ) { ! vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]"); ! len += (int)STRLEN(p + len); } if (wp->w_buffer->b_p_ro) { ! vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]")); len += (int)STRLEN(p + len); } *** ../vim-8.2.3486/src/testdir/test_statusline.vim 2021-05-15 16:23:22.886858565 +0100 --- src/testdir/test_statusline.vim 2021-10-08 18:29:53.731491698 +0100 *************** *** 522,525 **** --- 522,535 ---- %bw! endfunc + " Used to write beyond allocated memory. This assumes MAXPATHL is 4096 bytes. + func Test_statusline_verylong_filename() + let fname = repeat('x', 4090) + exe "new " .. fname + set buftype=help + set previewwindow + redraw + bwipe! + endfunc + " vim: shiftwidth=2 sts=2 expandtab *** ../vim-8.2.3486/src/version.c 2021-10-06 22:08:07.913476179 +0100 --- src/version.c 2021-10-08 18:38:40.266557136 +0100 *************** *** 759,760 **** --- 759,762 ---- { /* Add new patch number below this line */ + /**/ + 3487, /**/ -- "Computers in the future may weigh no more than 1.5 tons." Popular Mechanics, 1949 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///