# HG changeset patch
# User Bram Moolenaar <Bram@vim.org>
# Date 1637838007 -3600
# Node ID 35d000f3d5911617758851fea654cea01ee14a24
# Parent  6d8c6d07b3db959351536b1046da0b500f77afd0
patch 8.2.3669: buffer overflow with long help argument

Commit: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142
Author: Bram Moolenaar <Bram@vim.org>
Date:   Thu Nov 25 10:50:12 2021 +0000

    patch 8.2.3669: buffer overflow with long help argument

    Problem:    Buffer overflow with long help argument.
    Solution:   Use snprintf().

diff --git a/src/help.c b/src/help.c
--- a/src/help.c
+++ b/src/help.c
@@ -422,8 +422,7 @@ find_help_tags(
 		    || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
 							   && arg[2] != NUL)))
 	{
-	    STRCPY(d, "/\\\\");
-	    STRCPY(d + 3, arg + 1);
+	    vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
 	    // Check for "/\\_$", should be "/\\_\$"
 	    if (d[3] == '_' && d[4] == '$')
 		STRCPY(d + 4, "\\$");
diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
--- a/src/testdir/test_help.vim
+++ b/src/testdir/test_help.vim
@@ -134,4 +134,13 @@ func Test_help_window_height()
   close
 endfunc
 
+func Test_help_long_argument()
+  try
+    exe 'help \%' .. repeat('0', 1021)
+  catch
+    call assert_match("E149:", v:exception)
+  endtry
+endfunc
+
+
 " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -758,6 +758,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    3669,
+/**/
     3668,
 /**/
     3667,