Commit: patch 9.2.0498: potential heap buffer overflow in if_xcmdsrv.c
2 views
Skip to first unread message
Christian Brabandt
May 17, 2026, 5:00:13 PM (2 days ago) May 17
to vim...@googlegroups.com
patch 9.2.0498: potential heap buffer overflow in if_xcmdsrv.c
Commit: https://github.com/vim/vim/commit/c920d9344368a1506be0bbff116ff9d4cd96476f
Author: Foxe Chen <chen...@gmail.com>
Date: Sun May 17 20:42:20 2026 +0000
patch 9.2.0498: potential heap buffer overflow in if_xcmdsrv.c
Problem: potential heap buffer overflow in if_xcmdsrv.c
server_parse_message() (Michael Bommarito)
Solution: Add strlen() call (Foxe Chen)
fixes: #20235
closes: #20236
Signed-off-by: Foxe Chen <chen...@gmail.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/if_xcmdsrv.c b/src/if_xcmdsrv.c
index 070e0db09..43e1e3407 100644
--- a/src/if_xcmdsrv.c
+++ b/src/if_xcmdsrv.c
@@ -1333,7 +1333,7 @@ server_parse_message(
// Initialize the result property.
ga_init2(&reply, 1, 100);
- (void)ga_grow(&reply, 50 + STRLEN(p_enc));
+ (void)ga_grow(&reply, 50 + STRLEN(p_enc) + STRLEN(serial));
sprintf(reply.ga_data, "%cr%c-E %s%c-s %s%c-r ",
0, 0, p_enc, 0, serial, 0);
reply.ga_len = 14 + STRLEN(p_enc) + STRLEN(serial);
diff --git a/src/version.c b/src/version.c
index 2eaaa4562..f348ffc9e 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 498,
/**/
497,
/**/
Commit: https://github.com/vim/vim/commit/c920d9344368a1506be0bbff116ff9d4cd96476f
Author: Foxe Chen <chen...@gmail.com>
Date: Sun May 17 20:42:20 2026 +0000
patch 9.2.0498: potential heap buffer overflow in if_xcmdsrv.c
Problem: potential heap buffer overflow in if_xcmdsrv.c
server_parse_message() (Michael Bommarito)
Solution: Add strlen() call (Foxe Chen)
fixes: #20235
closes: #20236
Signed-off-by: Foxe Chen <chen...@gmail.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/if_xcmdsrv.c b/src/if_xcmdsrv.c
index 070e0db09..43e1e3407 100644
--- a/src/if_xcmdsrv.c
+++ b/src/if_xcmdsrv.c
@@ -1333,7 +1333,7 @@ server_parse_message(
// Initialize the result property.
ga_init2(&reply, 1, 100);
- (void)ga_grow(&reply, 50 + STRLEN(p_enc));
+ (void)ga_grow(&reply, 50 + STRLEN(p_enc) + STRLEN(serial));
sprintf(reply.ga_data, "%cr%c-E %s%c-s %s%c-r ",
0, 0, p_enc, 0, serial, 0);
reply.ga_len = 14 + STRLEN(p_enc) + STRLEN(serial);
diff --git a/src/version.c b/src/version.c
index 2eaaa4562..f348ffc9e 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 498,
/**/
497,
/**/
Reply all
Reply to author
Forward
0 new messages