Mercurial > vim
annotate src/proto/getchar.pro @ 33864:6e4c686b6b5b v9.0.2142
patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Commit: https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47
Author: Christian Brabandt <cb@256bit.org>
Date: Wed Nov 29 11:34:05 2023 +0100
patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions
Problem: [security]: stack-buffer-overflow in option callback functions
Solution: pass size of errbuf down the call stack, use snprintf()
instead of sprintf()
We pass the error buffer down to the option callback functions, but in
some parts of the code, we simply use sprintf(buf) to write into the error
buffer, which can overflow.
So let's pass down the length of the error buffer and use sprintf(buf, size)
instead.
Reported by @henices, thanks!
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Sun, 10 Dec 2023 15:16:04 +0100 |
| parents | 664ee4c0daca |
| children | 6be721794e1f |
| rev | line source |
|---|---|
|
32670
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
1 /* getchar.c */ |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
2 char_u *get_recorded(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
3 char_u *get_inserted(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
4 int stuff_empty(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
5 int readbuf1_empty(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
6 void typeahead_noflush(int c); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
7 void flush_buffers(flush_buffers_T flush_typeahead); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
8 void ResetRedobuff(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
9 void CancelRedo(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
10 void saveRedobuff(save_redo_T *save_redo); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
11 void restoreRedobuff(save_redo_T *save_redo); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
12 void AppendToRedobuff(char_u *s); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
13 void AppendToRedobuffLit(char_u *str, int len); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
14 void AppendToRedobuffSpec(char_u *s); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
15 void AppendCharToRedobuff(int c); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
16 void AppendNumberToRedobuff(long n); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
17 void stuffReadbuff(char_u *s); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
18 void stuffRedoReadbuff(char_u *s); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
19 void stuffReadbuffSpec(char_u *s); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
20 void stuffcharReadbuff(int c); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
21 void stuffnumReadbuff(long n); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
22 void stuffescaped(char_u *arg, int literally); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
23 int start_redo(long count, int old_redo); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
24 int start_redo_ins(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
25 void stop_redo_ins(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
26 int noremap_keys(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
27 int ins_typebuf(char_u *str, int noremap, int offset, int nottyped, int silent); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
28 int ins_char_typebuf(int c, int modifiers); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
29 int typebuf_changed(int tb_change_cnt); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
30 int typebuf_typed(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
31 int typebuf_maplen(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
32 void del_typebuf(int len, int offset); |
|
32750
dfaddd6f039e
patch 9.0.1694: wrong mapping applied when replaying a char search
Christian Brabandt <cb@256bit.org>
parents:
32670
diff
changeset
|
33 void gotchars_nop(void); |
|
32670
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
34 void ungetchars(int len); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
35 int save_typebuf(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
36 void save_typeahead(tasave_T *tp); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
37 void restore_typeahead(tasave_T *tp, int overwrite); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
38 void openscript(char_u *name, int directly); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
39 void close_all_scripts(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
40 int using_script(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
41 void before_blocking(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
42 int merge_modifyOtherKeys(int c_arg, int *modifiers); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
43 int vgetc(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
44 int safe_vgetc(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
45 int plain_vgetc(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
46 int vpeekc(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
47 int vpeekc_nomap(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
48 int vpeekc_any(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
49 int char_avail(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
50 void f_getchar(typval_T *argvars, typval_T *rettv); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
51 void f_getcharstr(typval_T *argvars, typval_T *rettv); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
52 void f_getcharmod(typval_T *argvars, typval_T *rettv); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
53 void parse_queued_messages(void); |
|
33662
664ee4c0daca
patch 9.0.2069: possible to escape bracketed paste mode with Ctrl-C
Christian Brabandt <cb@256bit.org>
parents:
32750
diff
changeset
|
54 int key_protocol_enabled(void); |
|
32670
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
55 void vungetc(int c); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
56 int fix_input_buffer(char_u *buf, int len); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
57 int input_available(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
58 void may_add_last_used_map_to_redobuff(void); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
59 int do_cmdkey_command(int key, int flags); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
60 void reset_last_used_map(mapblock_T *mp); |
|
695b50472e85
Fix line endings issue
Christian Brabandt <cb@256bit.org>
parents:
32669
diff
changeset
|
61 /* vim: set ft=c : */ |