Patch 8.2.3669

[Bram Moolenaar]

Patch 8.2.3669
Problem: Buffer overflow with long help argument.
Solution: Use snprintf().
Files: src/help.c, src/testdir/test_help.vim


*** ../vim-8.2.3668/src/help.c 2021-06-02 12:28:11.431120460 +0100
--- src/help.c 2021-11-25 10:49:17.146843905 +0000
***************
*** 422,429 ****
|| (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
&& arg[2] != NUL)))
{
! STRCPY(d, "/\\\\");
! STRCPY(d + 3, arg + 1);
// Check for "/\\_$", should be "/\\_\$"
if (d[3] == '_' && d[4] == '$')
STRCPY(d + 4, "\\$");
--- 422,428 ----
|| (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
&& arg[2] != NUL)))
{
! vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
// Check for "/\\_$", should be "/\\_\$"
if (d[3] == '_' && d[4] == '$')
STRCPY(d + 4, "\\$");
*** ../vim-8.2.3668/src/testdir/test_help.vim 2021-06-12 12:46:38.055854976 +0100
--- src/testdir/test_help.vim 2021-11-25 10:48:57.138842071 +0000
***************
*** 134,137 ****
--- 134,146 ----
close
endfunc

+ func Test_help_long_argument()
+ try
+ exe 'help \%' .. repeat('0', 1021)
+ catch
+ call assert_match("E149:", v:exception)
+ endtry
+ endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab
*** ../vim-8.2.3668/src/version.c 2021-11-24 20:28:23.599595260 +0000
--- src/version.c 2021-11-25 10:42:07.630521494 +0000
***************
*** 759,760 ****
--- 759,762 ----
{ /* Add new patch number below this line */
+ /**/
+ 3669,
/**/

--
Dogs must have a permit signed by the mayor in order to congregate in groups
of three or more on private property.
[real standing law in Oklahoma, United States of America]

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///