patch 9.2.0498: potential heap buffer overflow in if_xcmdsrv.c
Commit:
https://github.com/vim/vim/commit/c920d9344368a1506be0bbff116ff9d4cd96476f
Author: Foxe Chen <[email protected]>
Date: Sun May 17 20:42:20 2026 +0000
patch 9.2.0498: potential heap buffer overflow in if_xcmdsrv.c
Problem: potential heap buffer overflow in if_xcmdsrv.c
server_parse_message() (Michael Bommarito)
Solution: Add strlen() call (Foxe Chen)
fixes: #20235
closes: #20236
Signed-off-by: Foxe Chen <[email protected]>
Signed-off-by: Christian Brabandt <[email protected]>
diff --git a/src/if_xcmdsrv.c b/src/if_xcmdsrv.c
index 070e0db09..43e1e3407 100644
--- a/src/if_xcmdsrv.c
+++ b/src/if_xcmdsrv.c
@@ -1333,7 +1333,7 @@ server_parse_message(
// Initialize the result property.
ga_init2(&reply, 1, 100);
- (void)ga_grow(&reply, 50 + STRLEN(p_enc));
+ (void)ga_grow(&reply, 50 + STRLEN(p_enc) +
STRLEN(serial));
sprintf(reply.ga_data, "%cr%c-E %s%c-s %s%c-r ",
0, 0, p_enc, 0, serial, 0);
reply.ga_len = 14 + STRLEN(p_enc) + STRLEN(serial);
diff --git a/src/version.c b/src/version.c
index 2eaaa4562..f348ffc9e 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 498,
/**/
497,
/**/
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/vim_dev/E1wOiai-00A80y-H5%40256bit.org.
