[vim/vim] heap buffer overflow with long generic function name (PR #19727)


Christian Brabandt

Mar 17, 2026, 5:23:44 AM
to vim/vim, Subscribed

Problem: Using a long generic function name may cause a heap buffer
overflow in common_function().
Solution: Allocate memory for the full name instead of using IObuff.
(Kaixuan Li)


You can view, comment on, or merge this pull request online at:

  https://github.com/vim/vim/pull/19727

Commit Summary

  • bf7fd77 heap buffer overflow with long generic function name

File Changes

(2 files)


Reply to this email directly, view it on GitHub.
You are receiving this because you are subscribed to this thread.
Message ID: <vim/vim/pull/19727@github.com>
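
The fix pattern named in the commit message above (a fixed shared buffer replaced by an allocation sized to the full name), as an added C example that is not part of the pull request or of Vim's source. `scratch`, `SCRATCH_SIZE`, the helper names and the `name<types>` layout are assumptions standing in for IObuff and the code in common_function(); the 2000-character name is constructed input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCRATCH_SIZE 1025           /* assumed size of the shared buffer */
static char scratch[SCRATCH_SIZE];  /* hypothetical stand-in for IObuff */

/* Bytes needed for "name<types>" plus the terminating NUL. */
static size_t full_name_size(const char *name, const char *types)
{
    return strlen(name) + strlen(types) + 3;    /* '<', '>', NUL */
}

/* Fixed-buffer variant with the length check that an unbounded copy
 * lacks: returns 0 on success, -1 when the name does not fit. */
static int build_in_scratch(const char *name, const char *types)
{
    if (full_name_size(name, types) > sizeof(scratch))
        return -1;
    snprintf(scratch, sizeof(scratch), "%s<%s>", name, types);
    return 0;
}

/* Allocating variant: the buffer is sized from the input, so a long
 * name cannot run past its end.  The caller frees the result. */
static char *build_allocated(const char *name, const char *types)
{
    size_t size = full_name_size(name, types);
    char *buf = malloc(size);
    if (buf != NULL)
        snprintf(buf, size, "%s<%s>", name, types);
    return buf;
}

/* Constructed input: a 2000-character function name. */
static const char *long_name(void)
{
    static char name[2001];         /* zero-initialised, last byte stays NUL */
    memset(name, 'a', sizeof(name) - 1);
    return name;
}

int main(void)
{
    char *full = build_allocated(long_name(), "number");
    printf("scratch: %s\n", build_in_scratch(long_name(), "number") == 0 ? "fits" : "rejected");
    printf("allocated length: %zu\n", full ? strlen(full) : (size_t)0);
    free(full);
    return 0;
}
```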

Yegappan Lakshmanan

Mar 17, 2026, 10:57:29 AM
to vim/vim, Subscribed

@yegappan commented on this pull request.


In src/testdir/test_vimscript.vim:

> @@ -7689,6 +7689,19 @@ func Test_catch_pattern_trailing_chars()
   bw!
 endfunc
 
+" Test for long gerneric type name {{{1
+func Test_function_long_generic_name()
+  func TestFunc()
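
Review bot: the comment line added above Test_function_long_generic_name() misspells "generic" as "gerneric" and says "type name", while the test function name and the commit message both refer to a long generic function name; suggest `" Test for long generic function name {{{1`. The nested `func TestFunc()` defines a global function and no `delfunc TestFunc` is visible in the quoted lines, so check that the rest of the hunk removes it, otherwise a rerun or a later test that defines the same name will fail.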

Should this be def TestFunc()?



Yegappan Lakshmanan

Mar 17, 2026, 10:59:23 AM
to vim/vim, Subscribed

@yegappan commented on this pull request.


In src/testdir/test_vimscript.vim:

> @@ -7689,6 +7689,19 @@ func Test_catch_pattern_trailing_chars()
   bw!
 endfunc
 
+" Test for long gerneric type name {{{1
+func Test_function_long_generic_name()

Both of these functions should be def functions?



Christian Brabandt

Mar 17, 2026, 2:18:49 PM
to vim/vim, Subscribed

@chrisbra commented on this pull request.


In src/testdir/test_vimscript.vim:

> @@ -7689,6 +7689,19 @@ func Test_catch_pattern_trailing_chars()
   bw!
 endfunc
 
+" Test for long gerneric type name {{{1
+func Test_function_long_generic_name()

Shouldn't really matter, no?



Yegappan Lakshmanan

Mar 17, 2026, 2:53:04 PM
to vim/vim, Subscribed

@yegappan commented on this pull request.


In src/testdir/test_vimscript.vim:

> @@ -7689,6 +7689,19 @@ func Test_catch_pattern_trailing_chars()
   bw!
 endfunc
 
+" Test for long gerneric type name {{{1
+func Test_function_long_generic_name()

To detect this buffer overflow condition, func or def definition shouldn't really matter.



Yegappan Lakshmanan

Mar 17, 2026, 2:53:11 PM
to vim/vim, Subscribed

@yegappan approved this pull request.



Christian Brabandt

Mar 17, 2026, 3:12:07 PM
to vim/vim, Subscribed

Closed #19727 via f9bed02.


