]> granicus.if.org Git - vim/commitdiff
projects / vim / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5a8fad3)
patch 8.2.4963: expanding path with "/**" may overrun end of buffer v8.2.4963
authorBram Moolenaar <Bram@vim.org>
Mon, 16 May 2022 11:37:36 +0000 (12:37 +0100)
committerBram Moolenaar <Bram@vim.org>
Mon, 16 May 2022 11:37:36 +0000 (12:37 +0100)
Problem:    Expanding path with "/**" may overrun end of buffer.
Solution:   Use vim_snprintf().

src/filepath.c patch | blob | history
src/version.c patch | blob | history

diff --git a/src/filepath.c b/src/filepath.c
index 56a99e40d75ceba611c6e318dfdec4c241e02fdd..3f7825ceda22f22ddabe7f932f5512f2ac4e8c7c 100644 (file)
--- a/src/filepath.c
+++ b/src/filepath.c
@@ -3589,6 +3589,7 @@ unix_expandpath(
     int                didstar)        // expanded "**" once already
 {
     char_u     *buf;
+    size_t     buflen;
     char_u     *path_end;
     char_u     *p, *s, *e;
     int                start_len = gap->ga_len;
@@ -3612,7 +3613,8 @@ unix_expandpath(
     }
 
     // make room for file name
-    buf = alloc(STRLEN(path) + BASENAMELEN + 5);
+    buflen = STRLEN(path) + BASENAMELEN + 5;
+    buf = alloc(buflen);
     if (buf == NULL)
        return 0;
 
@@ -3737,14 +3739,14 @@ unix_expandpath(
                {
                    // For "**" in the pattern first go deeper in the tree to
                    // find matches.
-                   STRCPY(buf + len, "/**");
-                   STRCPY(buf + len + 3, path_end);
+                   vim_snprintf((char *)buf + len, buflen - len,
+                                                           "/**%s", path_end);
                    ++stardepth;
                    (void)unix_expandpath(gap, buf, len + 1, flags, TRUE);
                    --stardepth;
                }
 
-               STRCPY(buf + len, path_end);
+               vim_snprintf((char *)buf + len, buflen - len, "%s", path_end);
                if (mch_has_exp_wildcard(path_end)) // handle more wildcards
                {
                    // need to expand another component of the path
diff --git a/src/version.c b/src/version.c
index 1a33a7398e41b7a7e3356e5a8135f87a773de72a..fddf7d909ab7446f966ff916ed97335553879eb2 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -746,6 +746,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    4963,
 /**/
     4962,
 /**/
Unnamed repository; edit this file 'description' to name the repository.