Patch 9.0.1458

5 views

Skip to first unread message

Bram Moolenaar

unread,

Apr 16, 2023, 3:13:54 PM4/16/23

to vim...@googlegroups.com

Patch 9.0.1458
Problem: Buffer overflow when expanding long file name.
Solution: Use a larger buffer and avoid overflowing it. (Yee Cheng Chin,
closes #12201)
Files: src/filepath.c

*** ../vim-9.0.1457/src/filepath.c 2023-03-11 13:55:49.187639725 +0000
--- src/filepath.c 2023-04-16 20:12:40.785992559 +0100
***************
*** 938,946 ****

static void
findfilendir(
! typval_T *argvars UNUSED,
typval_T *rettv,
! int find_what UNUSED)
{
char_u *fname;
char_u *fresult = NULL;
--- 938,946 ----

static void
findfilendir(
! typval_T *argvars,
typval_T *rettv,
! int find_what)
{
char_u *fname;
char_u *fresult = NULL;
***************
*** 3685,3691 ****
int didstar) // expanded "**" once already
{
char_u *buf;
- size_t buflen;
char_u *path_end;
char_u *p, *s, *e;
int start_len = gap->ga_len;
--- 3685,3690 ----
***************
*** 3708,3715 ****
return 0;
}

! // make room for file name
! buflen = STRLEN(path) + BASENAMELEN + 5;
buf = alloc(buflen);
if (buf == NULL)
return 0;
--- 3707,3714 ----
return 0;
}

! // make room for file name (a bit too much to stay on the safe side)
! size_t buflen = STRLEN(path) + MAXPATHL;
buf = alloc(buflen);
if (buf == NULL)
return 0;
***************
*** 3828,3834 ****
|| ((flags & EW_NOTWILD)
&& fnamencmp(path + (s - buf), dp->d_name, e - s) == 0)))
{
! STRCPY(s, dp->d_name);
len = STRLEN(buf);

if (starstar && stardepth < 100)
--- 3827,3833 ----
|| ((flags & EW_NOTWILD)
&& fnamencmp(path + (s - buf), dp->d_name, e - s) == 0)))
{
! vim_strncpy(s, (char_u *)dp->d_name, buflen - (s - buf) - 1);
len = STRLEN(buf);

if (starstar && stardepth < 100)
*** ../vim-9.0.1457/src/version.c 2023-04-16 17:17:33.052497158 +0100
--- src/version.c 2023-04-16 20:08:12.866500293 +0100
***************
*** 697,698 ****
--- 697,700 ----
{ /* Add new patch number below this line */
+ /**/
+ 1458,
/**/

--
BEDEVERE: How do you know so much about swallows?
ARTHUR: Well you have to know these things when you're a king, you know.
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///

Reply all

Reply to author

Forward

0 new messages