patch 8.2.3487: illegal memory access if buffer name is very long

author Bram Moolenaar <Bram@vim.org>

Fri, 8 Oct 2021 17:39:28 +0000 (18:39 +0100)

committer Bram Moolenaar <Bram@vim.org>

Fri, 8 Oct 2021 17:39:28 +0000 (18:39 +0100)
author Bram Moolenaar <Bram@vim.org>
Fri, 8 Oct 2021 17:39:28 +0000 (18:39 +0100)
committer Bram Moolenaar <Bram@vim.org>
Fri, 8 Oct 2021 17:39:28 +0000 (18:39 +0100)
diff --git a/src/drawscreen.c b/src/drawscreen.c

index 82e53753bf9b6783392110df7814a73501452839..e38ca95863b36c51026b4d99c8b16a70141d0f8e 100644 (file)
--- a/src/drawscreen.c
+++ b/src/drawscreen.c
@@ -464,13 +464,13 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED)
             *(p + len++) = ' ';
         if (bt_help(wp->w_buffer))
         {
-           STRCPY(p + len, _("[Help]"));
+           vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
             len += (int)STRLEN(p + len);
         }
  #ifdef FEAT_QUICKFIX
         if (wp->w_p_pvw)
         {
-           STRCPY(p + len, _("[Preview]"));
+           vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
             len += (int)STRLEN(p + len);
         }
  #endif
@@ -480,12 +480,12 @@ win_redr_status(win_T *wp, int ignore_pum UNUSED)
  #endif
                 )
         {
-           STRCPY(p + len, "[+]");
-           len += 3;
+           vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
+           len += (int)STRLEN(p + len);
         }
         if (wp->w_buffer->b_p_ro)
         {
-           STRCPY(p + len, _("[RO]"));
+           vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
             len += (int)STRLEN(p + len);
         }
  
diff --git a/src/testdir/test_statusline.vim b/src/testdir/test_statusline.vim

index f3eea2e71eb132c1eb75f4460b138698743a40c5..a952de69b9046af0bf2a2b824a7a8f3381ab2ae5 100644 (file)
--- a/src/testdir/test_statusline.vim
+++ b/src/testdir/test_statusline.vim
@@ -522,4 +522,14 @@ func Test_statusline_mbyte_fillchar()
    %bw!
  endfunc
  
+" Used to write beyond allocated memory.  This assumes MAXPATHL is 4096 bytes.
+func Test_statusline_verylong_filename()
+  let fname = repeat('x', 4090)
+  exe "new " .. fname
+  set buftype=help
+  set previewwindow
+  redraw
+  bwipe!
+endfunc
+
  " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c

index 4c66b2425edca7122a2bc229b9898a16141fa8b5..06421bb0f2e7fe66d12f04e310063e8972132f76 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -757,6 +757,8 @@ static char *(features[]) =
  
  static int included_patches[] =
  {   /* Add new patch number below this line */
+/**/
+    3487,
  /**/
      3486,
  /**/
author	Bram Moolenaar <Bram@vim.org>
	Fri, 8 Oct 2021 17:39:28 +0000 (18:39 +0100)
committer	Bram Moolenaar <Bram@vim.org>
	Fri, 8 Oct 2021 17:39:28 +0000 (18:39 +0100)
src/drawscreen.c		patch \| blob \| history
src/testdir/test_statusline.vim		patch \| blob \| history
src/version.c		patch \| blob \| history