Mercurial > vim

comparison src/ex_docmd.c @ 28741:b44f15083faf v8.2.4895

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.4895: buffer overflow with invalid command with composing chars Commit: https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c Author: Bram Moolenaar <Bram@vim.org> Date: Fri May 6 20:38:47 2022 +0100 patch 8.2.4895: buffer overflow with invalid command with composing chars Problem: Buffer overflow with invalid command with composing chars. Solution: Check that the whole character fits in the buffer.
author Bram Moolenaar <Bram@vim.org>
date Fri, 06 May 2022 21:45:02 +0200
parents 930f1bb1649d
children d770568e6c98
comparison
equal deleted inserted replaced
28740:da9f84bdc1c8 28741:b44f15083faf
3433 char_u *s = cmd; 3433 char_u *s = cmd;
3434 char_u *d; 3434 char_u *d;
3435 3435
3436 STRCAT(IObuff, ": "); 3436 STRCAT(IObuff, ": ");
3437 d = IObuff + STRLEN(IObuff); 3437 d = IObuff + STRLEN(IObuff);
3438 while (*s != NUL && d - IObuff < IOSIZE - 7) 3438 while (*s != NUL && d - IObuff + 5 < IOSIZE)
3439 { 3439 {
3440 if (enc_utf8 ? (s[0] == 0xc2 && s[1] == 0xa0) : *s == 0xa0) 3440 if (enc_utf8 ? (s[0] == 0xc2 && s[1] == 0xa0) : *s == 0xa0)
3441 { 3441 {
3442 s += enc_utf8 ? 2 : 1; 3442 s += enc_utf8 ? 2 : 1;
3443 STRCPY(d, "<a0>"); 3443 STRCPY(d, "<a0>");
3444 d += 4; 3444 d += 4;
3445 } 3445 }
3446 else if (d - IObuff + (*mb_ptr2len)(s) + 1 >= IOSIZE)
3447 break;
3446 else 3448 else
3447 MB_COPY_CHAR(s, d); 3449 MB_COPY_CHAR(s, d);
3448 } 3450 }
3449 *d = NUL; 3451 *d = NUL;
3450 } 3452 }