view .hgignore @ 33422:25d250a74bb6 v9.0.1969

patch 9.0.1969: [security] buffer-overflow in trunc_string()

Commit: https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04
Author: Christian Brabandt <cb@256bit.org>
Date: Mon Oct 2 20:59:08 2023 +0200

patch 9.0.1969: [security] buffer-overflow in trunc_string()

Problem: buffer-overflow in trunc_string()
Solution: Add NUL at end of buffer

Currently trunc_string() assumes that when the string is too long, buf[e-1] will always be writeable. But that assumption may not always be true. The condition currently looks like this

    else if (e + 3 < buflen)
    [...]
    else
    {
        // can't fit in the "...", just truncate it
        buf[e - 1] = NUL;
    }

but this means, we may run into the last else clause with e still being larger than buflen. So a buffer overflow occurs.

So instead of using `buf[e - 1]`, let's just always truncate at `buf[buflen - 1]` which should always be writable.

Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Mon, 02 Oct 2023 21:30:04 +0200
parents 7aeaf20e2ba5
children 6e66a52748d0

syntax: glob

# Unixen: object and executable files.
*.o
src/vim
src/xxd/xxd
src/auto/if_perl.c
src/auto/gui_gtk_gresources.c
src/auto/gui_gtk_gresources.h
src/auto/os_haiku.rdef
src/objects/.dirstamp
src/objects
src/types.vim

# src/auto/configure is needed, so src/auto is not ignored as a whole; only the generated files below are.
src/auto/config.cache
src/auto/config.h
src/auto/config.log
src/auto/config.mk
src/auto/config.status
src/auto/osdef.h
src/auto/link.log
src/auto/link.sed
src/auto/pathdef.c

# Windows
*.exe
*.idb
*.exp
*.map
*.obj
*.pdb
*.ilk
*.sln
*.suo
*.res
*.RES
vim*.dll
vim*.lib
src/dobj*/pathdef.c
src/gobj*/pathdef.c
src/obj*/pathdef.c
src/Obj*/pathdef.c
gvimext.dll
gvimext.lib
gvim.lib
runtime/doc/uganda.nsis.txt
nsis/icons/*
/vim90/
.vscode/

# NetBeans
nbproject/*

# Mac OSX
src/xxd/xxd.dSYM
.DS_Store

# All platforms
*.rej
*.orig
*.mo
*.swp
*~
*.pyc
*.log
src/po/vim.pot
src/tags
/tags
/GPATH
/GTAGS
/GRTAGS
nsis/tags

# Generated by "make test"
src/po/*.ck
src/po/*.desktop
src/testdir/mbyte.vim
src/testdir/mzscheme.vim
src/testdir/lua.vim
src/testdir/small.vim
src/testdir/tiny.vim
src/testdir/test*.out
src/testdir/test*.failed
src/testdir/test.log
src/testdir/dostmp/*
src/testdir/messages
src/testdir/viminfo
src/testdir/opt_test.vim
src/testdir/failed
src/testdir/starttime
runtime/indent/testdir/*.out
runtime/indent/testdir/*.fail
src/memfile_test
src/json_test
src/message_test
src/kword_test

# Generated by "make install"
runtime/doc/doctags

# Generated by "make shadow".  The directory names could be anything but we
# restrict them to shadow (the default) or shadow-*
src/shadow
src/shadow-*
src/runtime
src/pixmaps

# other files possibly created by tools
src/cscope.out

# Linter/language server files
/.cache/clangd/
/.ccls-cache/
/compile_commands.json