[vim/vim] add defensive guards against potential buffer overflow (PR #19904)

mattn

unread,

1:25 PM (8 hours ago) 1:25 PM

to vim/vim, Subscribed

Add bounds checking and integer overflow guards across multiple files as a defensive measure. While these code paths are unlikely to be exploitable in practice, the guards prevent undefined behavior in edge cases.

libvterm/vterm.c: use heap tmpbuffer instead of stack buffer in vsprintf() fallback path
channel.c: validate len in channel_consume() before mch_memmove()
spell.c: use long instead of int for addlen to avoid signed overflow in size_t subtraction
alloc.c: add SIZE_MAX overflow check in ga_grow_inner() before itemsize multiplication
list.c: add overflow check before count * sizeof(listitem_T)
popupwin.c: add overflow check before width * height allocation
insexpand.c: add overflow check before compl_num_bests multiplication
regexp_bt.c: replace sprintf() with vim_snprintf() in regprop()
spellfile.c: use SIZE_MAX instead of LONG_MAX for allocation overflow check

This audit and fix was done with Claude Code.

You can view, comment on, or merge this pull request online at:

https://github.com/vim/vim/pull/19904

Commit Summary

246f4ae add defensive guards against potential buffer overflow

File Changes

(9 files)

Patch Links:

—
Reply to this email directly, view it on GitHub.
You are receiving this because you are subscribed to this thread.

mattn

unread,

1:27 PM (8 hours ago) 1:27 PM

to vim/vim, Push

@mattn pushed 1 commit.

b1ab856 fix sign-compare warning in channel_consume()

—
View it on GitHub.
You are receiving this because you are subscribed to this thread.

mattn

unread,

1:45 PM (8 hours ago) 1:45 PM

to vim/vim, Push

@mattn pushed 1 commit.

368a963 fix spellfile overflow check for LLP64 platforms (Windows 64-bit)

—
View it on GitHub.
You are receiving this because you are subscribed to this thread.

Reply all

Reply to author

Forward