Mercurial > vim

view src/proto/optionstr.pro @ 33864:6e4c686b6b5b v9.0.2142

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions Commit: https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 Author: Christian Brabandt <cb@256bit.org> Date: Wed Nov 29 11:34:05 2023 +0100 patch 9.0.2142: [security]: stack-buffer-overflow in option callback functions Problem: [security]: stack-buffer-overflow in option callback functions Solution: pass size of errbuf down the call stack, use snprintf() instead of sprintf() We pass the error buffer down to the option callback functions, but in some parts of the code, we simply use sprintf(buf) to write into the error buffer, which can overflow. So let's pass down the length of the error buffer and use sprintf(buf, size) instead. Reported by @henices, thanks! Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Sun, 10 Dec 2023 15:16:04 +0100
parents 46d449fd4fe4
children 2f9090601258
line wrap: on
line source

/* optionstr.c */
void didset_string_options(void);
void trigger_optionset_string(int opt_idx, int opt_flags, char_u *oldval, char_u *oldval_l, char_u *oldval_g, char_u *newval);
void check_buf_options(buf_T *buf);
void free_string_option(char_u *p);
void clear_string_option(char_u **pp);
void check_string_option(char_u **pp);
void set_string_option_direct(char_u *name, int opt_idx, char_u *val, int opt_flags, int set_sid);
void set_string_option_direct_in_win(win_T *wp, char_u *name, int opt_idx, char_u *val, int opt_flags, int set_sid);
void set_string_option_direct_in_buf(buf_T *buf, char_u *name, int opt_idx, char_u *val, int opt_flags, int set_sid);
char *set_string_option(int opt_idx, char_u *value, int opt_flags, char *errbuf, int errbuflen);
char *did_set_ambiwidth(optset_T *args);
char *did_set_background(optset_T *args);
char *did_set_backspace(optset_T *args);
char *did_set_backupcopy(optset_T *args);
char *did_set_backupext_or_patchmode(optset_T *args);
char *did_set_belloff(optset_T *args);
char *did_set_breakindentopt(optset_T *args);
char *did_set_browsedir(optset_T *args);
char *did_set_bufhidden(optset_T *args);
char *did_set_buftype(optset_T *args);
char *did_set_casemap(optset_T *args);
char *did_set_chars_option(optset_T *args);
char *did_set_cinoptions(optset_T *args);
char *did_set_colorcolumn(optset_T *args);
char *did_set_comments(optset_T *args);
char *did_set_commentstring(optset_T *args);
char *did_set_complete(optset_T *args);
char *did_set_completeopt(optset_T *args);
char *did_set_completepopup(optset_T *args);
char *did_set_completeslash(optset_T *args);
char *did_set_concealcursor(optset_T *args);
char *did_set_cpoptions(optset_T *args);
char *did_set_cryptkey(optset_T *args);
char *did_set_cryptmethod(optset_T *args);
char *did_set_cscopequickfix(optset_T *args);
char *did_set_cursorlineopt(optset_T *args);
char *did_set_debug(optset_T *args);
char *did_set_diffopt(optset_T *args);
char *did_set_display(optset_T *args);
char *did_set_eadirection(optset_T *args);
char *did_set_encoding(optset_T *args);
char *did_set_eventignore(optset_T *args);
char *did_set_fileformat(optset_T *args);
char *did_set_fileformats(optset_T *args);
char *did_set_filetype_or_syntax(optset_T *args);
char *did_set_foldclose(optset_T *args);
char *did_set_foldexpr(optset_T *args);
char *did_set_foldignore(optset_T *args);
char *did_set_foldmarker(optset_T *args);
char *did_set_foldmethod(optset_T *args);
char *did_set_foldopen(optset_T *args);
char *did_set_formatoptions(optset_T *args);
char *did_set_guicursor(optset_T *args);
char *did_set_guifont(optset_T *args);
char *did_set_guifontset(optset_T *args);
char *did_set_guifontwide(optset_T *args);
char *did_set_guiligatures(optset_T *args);
char *did_set_guioptions(optset_T *args);
char *did_set_guitablabel(optset_T *args);
char *did_set_helpfile(optset_T *args);
char *did_set_helplang(optset_T *args);
char *did_set_highlight(optset_T *args);
char *did_set_iconstring(optset_T *args);
char *did_set_imactivatekey(optset_T *args);
char *did_set_isopt(optset_T *args);
char *did_set_jumpoptions(optset_T *args);
char *did_set_keymap(optset_T *args);
char *did_set_keymodel(optset_T *args);
char *did_set_keyprotocol(optset_T *args);
char *did_set_lispoptions(optset_T *args);
char *did_set_matchpairs(optset_T *args);
char *did_set_mkspellmem(optset_T *args);
char *did_set_mouse(optset_T *args);
char *did_set_mousemodel(optset_T *args);
char *did_set_mouseshape(optset_T *args);
char *did_set_nrformats(optset_T *args);
char *did_set_optexpr(optset_T *args);
char *did_set_pastetoggle(optset_T *args);
char *did_set_previewpopup(optset_T *args);
char *did_set_printencoding(optset_T *args);
char *did_set_renderoptions(optset_T *args);
char *did_set_rightleftcmd(optset_T *args);
char *did_set_rulerformat(optset_T *args);
char *did_set_scrollopt(optset_T *args);
char *did_set_selection(optset_T *args);
char *did_set_selectmode(optset_T *args);
char *did_set_sessionoptions(optset_T *args);
char *did_set_shortmess(optset_T *args);
char *did_set_showbreak(optset_T *args);
char *did_set_showcmdloc(optset_T *args);
char *did_set_signcolumn(optset_T *args);
char *did_set_spellcapcheck(optset_T *args);
char *did_set_spellfile(optset_T *args);
char *did_set_spelllang(optset_T *args);
char *did_set_spelloptions(optset_T *args);
char *did_set_spellsuggest(optset_T *args);
char *did_set_splitkeep(optset_T *args);
char *did_set_statusline(optset_T *args);
char *did_set_swapsync(optset_T *args);
char *did_set_switchbuf(optset_T *args);
char *did_set_tabline(optset_T *args);
char *did_set_tagcase(optset_T *args);
char *did_set_term(optset_T *args);
char *did_set_term_option(optset_T *args);
char *did_set_termwinkey(optset_T *args);
char *did_set_termwinsize(optset_T *args);
char *did_set_termwintype(optset_T *args);
char *did_set_titlestring(optset_T *args);
char *did_set_toolbar(optset_T *args);
char *did_set_toolbariconsize(optset_T *args);
char *did_set_ttymouse(optset_T *args);
char *did_set_varsofttabstop(optset_T *args);
char *did_set_vartabstop(optset_T *args);
char *did_set_verbosefile(optset_T *args);
char *did_set_viewoptions(optset_T *args);
char *did_set_viminfo(optset_T *args);
char *did_set_virtualedit(optset_T *args);
char *did_set_whichwrap(optset_T *args);
char *did_set_wildmode(optset_T *args);
char *did_set_wildoptions(optset_T *args);
char *did_set_winaltkeys(optset_T *args);
char *did_set_wincolor(optset_T *args);
char *did_set_string_option(int opt_idx, char_u **varp, char_u *oldval, char_u *value, char *errbuf, int errbuflen, int opt_flags, set_op_T op, int *value_checked);
int expand_set_ambiwidth(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_background(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_backspace(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_backupcopy(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_belloff(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_breakindentopt(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_browsedir(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_bufhidden(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_buftype(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_casemap(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_chars_option(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_clipboard(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_complete(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_completeopt(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_completeslash(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_concealcursor(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_cpoptions(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_cryptmethod(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_cursorlineopt(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_debug(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_diffopt(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_display(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_eadirection(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_encoding(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_eventignore(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_fileformat(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_foldclose(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_foldmethod(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_foldopen(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_formatoptions(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_guifont(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_guioptions(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_highlight(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_jumpoptions(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_keymodel(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_keyprotocol(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_lispoptions(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_mouse(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_mousemodel(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_nrformats(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_popupoption(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_printoptions(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_rightleftcmd(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_scrollopt(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_selection(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_selectmode(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_sessionoptions(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_shortmess(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_showcmdloc(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_signcolumn(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_spelloptions(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_spellsuggest(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_splitkeep(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_swapsync(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_switchbuf(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_tagcase(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_termwintype(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_toolbar(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_toolbariconsize(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_ttymouse(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_virtualedit(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_whichwrap(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_wildmode(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_wildoptions(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_winaltkeys(optexpand_T *args, int *numMatches, char_u ***matches);
int expand_set_wincolor(optexpand_T *args, int *numMatches, char_u ***matches);
int check_ff_value(char_u *p);
char_u *get_fileformat_name(expand_T *xp, int idx);
void save_clear_shm_value(void);
void restore_shm_value(void);
/* vim: set ft=c : */