From ca24e2cfcfd3f064ea1674886e3dcaa8254ad8d7 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 22 Jan 2017 15:19:22 +0100
Subject: [PATCH] patch 8.0.0213: Netbeans specialKeys command does not check
 argument length

Problem:    The Netbeans "specialKeys" command does not check if the argument
            fits in the buffer. (Coverity)
Solution:   Add a length check.
---
 src/netbeans.c | 14 +++++++++-----
 src/version.c  |  2 ++
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/netbeans.c b/src/netbeans.c
index cc5560412..fb4cb766d 100644
--- a/src/netbeans.c
+++ b/src/netbeans.c
@@ -2332,7 +2332,8 @@ special_keys(char_u *args)
     char *save_str = nb_unquote(args, NULL);
     char *tok = strtok(save_str, " ");
     char *sep;
-    char keybuf[64];
+#define KEYBUFLEN 64
+    char keybuf[KEYBUFLEN];
     char cmdbuf[256];
 
     while (tok != NULL)
@@ -2359,10 +2360,13 @@ special_keys(char_u *args)
 	    tok++;
 	}
 
-	strcpy(&keybuf[i], tok);
-	vim_snprintf(cmdbuf, sizeof(cmdbuf),
-				"<silent><%s> :nbkey %s<CR>", keybuf, keybuf);
-	do_map(0, (char_u *)cmdbuf, NORMAL, FALSE);
+	if (strlen(tok) + i < KEYBUFLEN)
+	{
+	    strcpy(&keybuf[i], tok);
+	    vim_snprintf(cmdbuf, sizeof(cmdbuf),
+				 "<silent><%s> :nbkey %s<CR>", keybuf, keybuf);
+	    do_map(0, (char_u *)cmdbuf, NORMAL, FALSE);
+	}
 	tok = strtok(NULL, " ");
     }
     vim_free(save_str);
diff --git a/src/version.c b/src/version.c
index 741b8da1e..592c77ca7 100644
--- a/src/version.c
+++ b/src/version.c
@@ -764,6 +764,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    213,
 /**/
     212,
 /**/
-- 
2.50.1