Mercurial > vim
diff src/userfunc.c @ 18576:e9675870c480 v8.1.2282
patch 8.1.2282: crash when passing many arguments through a partial
Commit: https://github.com/vim/vim/commit/4c054e9fb23027b55a09ee647a3a2c91936aeb1b
Author: Bram Moolenaar <Bram@vim.org>
Date: Sun Nov 10 00:13:50 2019 +0100
patch 8.1.2282: crash when passing many arguments through a partial
Problem: Crash when passing many arguments through a partial. (Andy
Massimino)
Solution: Check the number of arguments. (closes #5186)
| author | Bram Moolenaar <Bram@vim.org> |
|---|---|
| date | Sun, 10 Nov 2019 00:15:04 +0100 |
| parents | 23fef64352a1 |
| children | 15539899a112 |
line wrap: on
line diff
--- a/src/userfunc.c +++ b/src/userfunc.c @@ -408,7 +408,7 @@ deref_func_name(char_u *name, int *lenp, * Give an error message with a function name. Handle <SNR> things. * "ermsg" is to be passed without translation, use N_() instead of _(). */ - static void + void emsg_funcname(char *ermsg, char_u *name) { char_u *p; @@ -1537,7 +1537,14 @@ call_func( if (error == ERROR_NONE && partial->pt_argc > 0) { for (argv_clear = 0; argv_clear < partial->pt_argc; ++argv_clear) + { + if (argv_clear + argcount_in >= MAX_FUNC_ARGS) + { + error = ERROR_TOOMANY; + goto theend; + } copy_tv(&partial->pt_argv[argv_clear], &argv[argv_clear]); + } for (i = 0; i < argcount_in; ++i) argv[i + argv_clear] = argvars_in[i]; argvars = argv; @@ -1672,6 +1679,7 @@ call_func( if (error == ERROR_NONE) ret = OK; +theend: /* * Report an error unless the argument evaluation or function call has been * cancelled due to an aborting error, an interrupt, or an exception.