comparison src/macros.h @ 33262:6eac4f616293 v9.0.1899

patch 9.0.1899: potential buffer overflow in PBYTE macro Commit: https://github.com/vim/vim/commit/ffb13674d1af1c90beb229867ec989e4fb232df3 Author: Christian Brabandt <cb@256bit.org> Date: Fri Sep 15 20:22:02 2023 +0200 patch 9.0.1899: potential buffer overflow in PBYTE macro Problem: potential buffer overflow in PBYTE macro Solution: Check returned memline length closes: #13083 the PBYTE macro is used to put byte c at a position lp of the returned memline. However, in case of unexpected errors ml_get_buf() may return either "???" or an empty line in which case it is quite likely that we are causing a buffer overrun. Therefore, switch the macro PBYTE (which is only used in ops.c anyhow) to a function, that verifies that we will only try to access within the given length of the buffer. Also, since the macro is only used in ops.c, move the definition from macros.h to ops.c Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Fri, 15 Sep 2023 20:30:07 +0200
parents 256febd1cbf0
children cb88e5c589d0
comparison
equal deleted inserted replaced
33261:cc83932e459d 33262:6eac4f616293
10 * macros.h: macro definitions for often used code 10 * macros.h: macro definitions for often used code
11 * 11 *
12 * Macros should be ALL_CAPS. An exception is for where a function is 12 * Macros should be ALL_CAPS. An exception is for where a function is
13 * replaced and an argument is not used more than once. 13 * replaced and an argument is not used more than once.
14 */ 14 */
15
16 /*
17 * PBYTE(lp, c) - put byte 'c' at position 'lp'
18 */
19 #define PBYTE(lp, c) (*(ml_get_buf(curbuf, (lp).lnum, TRUE) + (lp).col) = (c))
20 15
21 /* 16 /*
22 * Position comparisons 17 * Position comparisons
23 */ 18 */
24 #define LT_POS(a, b) (((a).lnum != (b).lnum) \ 19 #define LT_POS(a, b) (((a).lnum != (b).lnum) \