[patch] possible memory overflow in vim7/src/GvimExt/gvimext.cpp

2 views
Skip to first unread message

Dominique Pellé

unread,
Jul 26, 2009, 2:54:29 PM7/26/09
to vim_dev, tian...@acm.org
Trying the static analyzer 'cppcheck-1.34' on Vim source code,
I saw the following warning:

[./GvimExt/gvimext.cpp:638]: (all) Dangerous usage of strncat. Tip:
the 3rd parameter means maximum number of characters to append

Code in vim7/src/gvimext.cpp is:

623 char temp[BUFSIZE];
...
637 strncpy(temp, _("Edit with existing Vim - "), BUFSIZE - 1);
638 strncat(temp, title, BUFSIZE - 1);

Code is incorrect indeed: strncat() may overflow temp buffer.

Attached patch fixes it.

-- Dominique

fix-strncat-gvimext.cpp-7.2.239.patch

Bram Moolenaar

unread,
Jul 27, 2009, 4:52:00 PM7/27/09
to Dominique Pellé, vim_dev, tian...@acm.org

Dominique Pelle wrote:

Thanks. These C string functions are tricky.

--
hundred-and-one symptoms of being an internet addict:
110. You actually volunteer to become your employer's webmaster.

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///

Reply all
Reply to author
Forward
0 new messages