Mercurial > vim
comparison src/tag.c @ 13068:63fdea6e9c6c v8.0.1409
patch 8.0.1409: buffer overflow in :tags command
commit https://github.com/vim/vim/commit/132f75255ecea17ff621f71236568c5d8d8e0163
Author: Bram Moolenaar <Bram@vim.org>
Date: Tue Dec 19 10:49:34 2017 +0100
patch 8.0.1409: buffer overflow in :tags command
Problem: Buffer overflow in :tags command.
Solution: Use vim_snprintf(). (Dominique Pelle, closes https://github.com/vim/vim/issues/2471, closes https://github.com/vim/vim/issues/2475)
Add a test.
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Tue, 19 Dec 2017 11:00:06 +0100 |
parents | 429bf1b9292f |
children | b88fa651c824 |
comparison
equal
deleted
inserted
replaced
13067:90405f52088a | 13068:63fdea6e9c6c |
---|---|
1128 name = fm_getname(&(tagstack[i].fmark), 30); | 1128 name = fm_getname(&(tagstack[i].fmark), 30); |
1129 if (name == NULL) /* file name not available */ | 1129 if (name == NULL) /* file name not available */ |
1130 continue; | 1130 continue; |
1131 | 1131 |
1132 msg_putchar('\n'); | 1132 msg_putchar('\n'); |
1133 sprintf((char *)IObuff, "%c%2d %2d %-15s %5ld ", | 1133 vim_snprintf((char *)IObuff, IOSIZE, "%c%2d %2d %-15s %5ld ", |
1134 i == tagstackidx ? '>' : ' ', | 1134 i == tagstackidx ? '>' : ' ', |
1135 i + 1, | 1135 i + 1, |
1136 tagstack[i].cur_match + 1, | 1136 tagstack[i].cur_match + 1, |
1137 tagstack[i].tagname, | 1137 tagstack[i].tagname, |
1138 tagstack[i].fmark.mark.lnum); | 1138 tagstack[i].fmark.mark.lnum); |