Mercurial > vim

diff src/ex_docmd.c @ 28741:b44f15083faf v8.2.4895

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.4895: buffer overflow with invalid command with composing chars Commit: https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c Author: Bram Moolenaar <Bram@vim.org> Date: Fri May 6 20:38:47 2022 +0100 patch 8.2.4895: buffer overflow with invalid command with composing chars Problem: Buffer overflow with invalid command with composing chars. Solution: Check that the whole character fits in the buffer.
author Bram Moolenaar <Bram@vim.org>
date Fri, 06 May 2022 21:45:02 +0200
parents 930f1bb1649d
children d770568e6c98
line wrap: on
line diff
--- a/src/ex_docmd.c
+++ b/src/ex_docmd.c
@@ -3435,7 +3435,7 @@ append_command(char_u *cmd)
 
     STRCAT(IObuff, ": ");
     d = IObuff + STRLEN(IObuff);
-    while (*s != NUL && d - IObuff < IOSIZE - 7)
+    while (*s != NUL && d - IObuff + 5 < IOSIZE)
     {
 	if (enc_utf8 ? (s[0] == 0xc2 && s[1] == 0xa0) : *s == 0xa0)
 	{
@@ -3443,6 +3443,8 @@ append_command(char_u *cmd)
 	    STRCPY(d, "<a0>");
 	    d += 4;
 	}
+	else if (d - IObuff + (*mb_ptr2len)(s) + 1 >= IOSIZE)
+	    break;
 	else
 	    MB_COPY_CHAR(s, d);
     }