Mercurial > vim
view .appveyor.yml @ 33422:25d250a74bb6 v9.0.1969
patch 9.0.1969: [security] buffer-overflow in trunc_string()
Commit: https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04
Author: Christian Brabandt <cb@256bit.org>
Date: Mon Oct 2 20:59:08 2023 +0200
patch 9.0.1969: [security] buffer-overflow in trunc_string()
Problem: buffer-overflow in trunc_string()
Solution: Add NULL at end of buffer
Currently trunc_string() assumes that when the string is too long,
buf[e-1] will always be writeable. But that assumption may not always be
true. The condition currently looks like this
else if (e + 3 < buflen)
[...]
else
{
// can't fit in the "...", just truncate it
buf[e - 1] = NUL;
}
but this means, we may run into the last else clause with e still being
larger than buflen. So a buffer overflow occurs.
So instead of using `buf[e - 1]`, let's just always
truncate at `buf[buflen - 1]` which should always be writable.
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Mon, 02 Oct 2023 21:30:04 +0200 |
| parents | 0c7d833308c7 |
| children | 93c715c63a4a |
line wrap: on
line source
version: "{build}" image: Visual Studio 2015 skip_tags: true environment: matrix: - FEATURE: HUGE # Alternate environments, not used right now. 2022 is a lot slower. # # - job_name: VS-2015 # appveyor_build_worker_image: Visual Studio 2015 # FEATURE: HUGE # - job_name: VS-2017 # appveyor_build_worker_image: Visual Studio 2017 # FEATURE: HUGE # - job_name: VS-2019 # appveyor_build_worker_image: Visual Studio 2019 # FEATURE: HUGE # - job_name: VS-2022 # appveyor_build_worker_image: Visual Studio 2022 # FEATURE: HUGE # disabled # - FEATURE: TINY # - FEATURE: NORMAL # - FEATURE: BIG matrix: fast_finish: true before_build: - call ver - ci\appveyor.bat install build_script: - ci\appveyor.bat build test_script: - ci\appveyor.bat test artifacts: - path: src/vim.exe name: vim - path: src/gvim.exe name: gvim # vim: sw=2 sts=2 et ts=8 sr