To: vim_dev@googlegroups.com Subject: Patch 8.2.3669 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.3669 Problem: Buffer overflow with long help argument. Solution: Use snprintf(). Files: src/help.c, src/testdir/test_help.vim *** ../vim-8.2.3668/src/help.c 2021-06-02 12:28:11.431120460 +0100 --- src/help.c 2021-11-25 10:49:17.146843905 +0000 *************** *** 422,429 **** || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL && arg[2] != NUL))) { ! STRCPY(d, "/\\\\"); ! STRCPY(d + 3, arg + 1); // Check for "/\\_$", should be "/\\_\$" if (d[3] == '_' && d[4] == '$') STRCPY(d + 4, "\\$"); --- 422,428 ---- || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL && arg[2] != NUL))) { ! vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1); // Check for "/\\_$", should be "/\\_\$" if (d[3] == '_' && d[4] == '$') STRCPY(d + 4, "\\$"); *** ../vim-8.2.3668/src/testdir/test_help.vim 2021-06-12 12:46:38.055854976 +0100 --- src/testdir/test_help.vim 2021-11-25 10:48:57.138842071 +0000 *************** *** 134,137 **** --- 134,146 ---- close endfunc + func Test_help_long_argument() + try + exe 'help \%' .. repeat('0', 1021) + catch + call assert_match("E149:", v:exception) + endtry + endfunc + + " vim: shiftwidth=2 sts=2 expandtab *** ../vim-8.2.3668/src/version.c 2021-11-24 20:28:23.599595260 +0000 --- src/version.c 2021-11-25 10:42:07.630521494 +0000 *************** *** 759,760 **** --- 759,762 ---- { /* Add new patch number below this line */ + /**/ + 3669, /**/ -- Dogs must have a permit signed by the mayor in order to congregate in groups of three or more on private property. [real standing law in Oklahoma, United States of America] /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
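Review bot: in the src/help.c hunk, the new vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1) call uses IOSIZE as the bound, which is only correct if d points at the start of an IOSIZE-byte buffer. The visible lines do not show where d was set, so if it has been advanced past the start of that buffer the bound should be the remaining space instead. The call also truncates silently and its return value is ignored, so an over-long argument is turned into a different, shorter pattern rather than being rejected. Consider checking the length of arg before formatting and reporting an error when it does not fit. The STRCPY(d + 4, "\\$") that follows stays unbounded. That is a fixed 3-byte write at a small offset, but a short comment saying why it is safe would help the next reader.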
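Review bot: in Test_help_long_argument in the src/testdir/test_help.vim hunk, the only assertion sits inside the catch block, so if the :help command completes without throwing, the test passes without checking anything. Use call assert_fails('help \%' .. repeat('0', 1021), 'E149:'), or add a call assert_report(...) directly after the exe line so that the no-exception path fails. A comment explaining why the repeat count is 1021 would also make the test's link to the buffer size explicit.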