changeset 13068:63fdea6e9c6c v8.0.1409

patch 8.0.1409: buffer overflow in :tags command commit https://github.com/vim/vim/commit/132f75255ecea17ff621f71236568c5d8d8e0163 Author: Bram Moolenaar <Bram@vim.org> Date: Tue Dec 19 10:49:34 2017 +0100 patch 8.0.1409: buffer overflow in :tags command Problem: Buffer overflow in :tags command. Solution: Use vim_snprintf(). (Dominique Pelle, closes https://github.com/vim/vim/issues/2471, closes https://github.com/vim/vim/issues/2475) Add a test.
author Christian Brabandt <cb@256bit.org>
date Tue, 19 Dec 2017 11:00:06 +0100
parents 90405f52088a
children 5dcf876e6c69
files src/tag.c src/testdir/test_taglist.vim src/version.c
diffstat 3 files changed, 9 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/tag.c
+++ b/src/tag.c
@@ -1130,7 +1130,7 @@ do_tags(exarg_T *eap UNUSED)
 		continue;
 
 	    msg_putchar('\n');
-	    sprintf((char *)IObuff, "%c%2d %2d %-15s %5ld  ",
+	    vim_snprintf((char *)IObuff, IOSIZE, "%c%2d %2d %-15s %5ld  ",
 		i == tagstackidx ? '>' : ' ',
 		i + 1,
 		tagstack[i].cur_match + 1,
--- a/src/testdir/test_taglist.vim
+++ b/src/testdir/test_taglist.vim
@@ -1,4 +1,4 @@
-" test 'taglist' function
+" test 'taglist' function and :tags command
 
 func Test_taglist()
   call writefile([
@@ -56,3 +56,8 @@ func Test_taglist_ctags_etags()
 
   call delete('Xtags')
 endfunc
+
+func Test_tags_too_long()
+  call assert_fails('tag ' . repeat('x', 1020), 'E426')
+  tags
+endfunc
--- a/src/version.c
+++ b/src/version.c
@@ -772,6 +772,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1409,
+/**/
     1408,
 /**/
     1407,