Patch 8.2.4895
Problem: Buffer overflow with invalid command with composing chars.
Solution: Check that the whole character fits in the buffer.
Files: src/ex_docmd.c, src/testdir/test_cmdline.vim
*** ../vim-8.2.4894/src/ex_docmd.c 2022-05-06 14:29:04.637209906 +0100
--- src/ex_docmd.c 2022-05-06 20:36:10.728167726 +0100
***************
*** 3435,3441 ****
STRCAT(IObuff, ": ");
d = IObuff + STRLEN(IObuff);
! while (*s != NUL && d - IObuff < IOSIZE - 7)
{
if (enc_utf8 ? (s[0] == 0xc2 && s[1] == 0xa0) : *s == 0xa0)
{
--- 3435,3441 ----
STRCAT(IObuff, ": ");
d = IObuff + STRLEN(IObuff);
! while (*s != NUL && d - IObuff + 5 < IOSIZE)
{
if (enc_utf8 ? (s[0] == 0xc2 && s[1] == 0xa0) : *s == 0xa0)
{
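Review bot: `STRCAT(IObuff, ": ")` still runs before any bound is checked, so the rewritten loop condition only protects the copy that follows it. If the text already in IObuff ends within two bytes of IOSIZE, the append itself writes past the buffer; whether a caller can produce a message that long is not visible here, since the function starts and ends outside the hunk. A guard ahead of the append, such as `if (STRLEN(IObuff) + 3 > IOSIZE) return;`, would close that path. The constant in `d - IObuff + 5 < IOSIZE` also deserves a comment, for example `// room for "<a0>" (4 bytes) plus the terminating NUL`.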
***************
*** 3443,3448 ****
--- 3443,3450 ----
STRCPY(d, "<a0>");
d += 4;
}
+ else if (d - IObuff + (*mb_ptr2len)(s) + 1 >= IOSIZE)
+ break;
else
MB_COPY_CHAR(s, d);
}
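Review bot: The added `else if` branch carries no comment saying why the length from `(*mb_ptr2len)(s)` is used rather than a fixed byte count, although that is the whole point of the fix. Going by the patch description, the length covers the base character together with its composing characters, and the `+ 1` presumably reserves the terminating NUL written after the loop, which is outside the hunk. I would add `// stop when the whole character, composing chars included, plus the NUL does not fit` above the branch. Breaking out silently also truncates the reported command without any marker, which is worth stating in the function's header comment.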
*** ../vim-8.2.4894/src/testdir/test_cmdline.vim 2022-04-19
11:38:01.484066480 +0100
--- src/testdir/test_cmdline.vim 2022-05-06 20:36:52.980131021 +0100
***************
*** 3353,3358 ****
--- 3353,3369 ----
set wildmenu&
endfunc
+ " this was going over the end of IObuff
+ func Test_report_error_with_composing()
+ let caught = 'no'
+ try
+ exe repeat('0', 987) .. "0\xdd\x80\xdd\x80\xdd\x80\xdd\x80"
+ catch /E492:/
+ let caught = 'yes'
+ endtry
+ call assert_equal('yes', caught)
+ endfunc
+
" Test for expanding 2-letter and 3-letter :substitute command arguments.
" These commands don't accept an argument.
func Test_cmdline_complete_substitute_short()
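Review bot: Test_report_error_with_composing only asserts that E492 is caught, so it most likely passes on an unfixed build too unless the suite runs under a memory checker such as ASan or valgrind. The out-of-bounds write itself is never observed by the assertion. The count 987 and the four `\xdd\x80` sequences are unexplained; they appear chosen so that the error text plus the digits ends a few bytes short of IOSIZE, and a comment saying so would keep the test meaningful if the message wording or IOSIZE changes. The byte sequence is only a composing character when 'encoding' is utf-8, so the test should either state that assumption or set the encoding explicitly and restore it afterwards.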
*** ../vim-8.2.4894/src/version.c 2022-05-06 18:38:37.111605790 +0100
--- src/version.c 2022-05-06 20:02:57.517763707 +0100
***************
*** 748,749 ****
--- 748,751 ----
{ /* Add new patch number below this line */
+ /**/
+ 4895,
/**/
--
"Computers in the future may weigh no more than 1.5 tons."
Popular Mechanics, 1949
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///