patch 8.0.1047: buffer overflow in Ruby

author Bram Moolenaar <Bram@vim.org>

Sun, 3 Sep 2017 13:17:48 +0000 (15:17 +0200)

committer Bram Moolenaar <Bram@vim.org>

Sun, 3 Sep 2017 13:17:48 +0000 (15:17 +0200)
author Bram Moolenaar <Bram@vim.org>
Sun, 3 Sep 2017 13:17:48 +0000 (15:17 +0200)
committer Bram Moolenaar <Bram@vim.org>
Sun, 3 Sep 2017 13:17:48 +0000 (15:17 +0200)
diff --git a/src/if_ruby.c b/src/if_ruby.c

index 02b59dd14a2b9da474d365dff6d043e78914e660..d38ed2fbb1fb2cb9ef3d07e04a1416c1862ebabf 100644 (file)
--- a/src/if_ruby.c
+++ b/src/if_ruby.c
@@ -984,7 +984,7 @@ static VALUE vim_message(VALUE self UNUSED, VALUE str)
      if (RSTRING_LEN(str) > 0)
      {
         /* Only do this when the string isn't empty, alloc(0) causes trouble. */
-       buff = ALLOCA_N(char, RSTRING_LEN(str));
+       buff = ALLOCA_N(char, RSTRING_LEN(str) + 1);
         strcpy(buff, RSTRING_PTR(str));
         p = strchr(buff, '\n');
         if (p) *p = '\0';
diff --git a/src/version.c b/src/version.c

index a57e11f5b7571f40b2efe9bcb656a8a4e8925aa4..2034504cccd0e0fb65d7333da1dd2492a83868f8 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -769,6 +769,8 @@ static char *(features[]) =
  
  static int included_patches[] =
  {   /* Add new patch number below this line */
+/**/
+    1047,
  /**/
      1046,
  /**/
author	Bram Moolenaar <Bram@vim.org>
	Sun, 3 Sep 2017 13:17:48 +0000 (15:17 +0200)
committer	Bram Moolenaar <Bram@vim.org>
	Sun, 3 Sep 2017 13:17:48 +0000 (15:17 +0200)
src/if_ruby.c		patch \| blob \| history
src/version.c		patch \| blob \| history