patch 8.0.0212: buffer for key name may be too small
Problem: The buffer used to store a key name theoreticaly could be too
small. (Coverity)
Solution: Count all possible modifier characters. Add a check for the
length just in case.
diff --git a/src/misc2.c b/src/misc2.c
index bf98a64..26d5970 100644
--- a/src/misc2.c
+++ b/src/misc2.c
@@ -2162,6 +2162,7 @@
/* 'A' must be the last one */
{MOD_MASK_ALT, MOD_MASK_ALT, (char_u)'A'},
{0, 0, NUL}
+ /* NOTE: when adding an entry, update MAX_KEY_NAME_LEN! */
};
/*
@@ -2431,6 +2432,7 @@
{K_PLUG, (char_u *)"Plug"},
{K_CURSORHOLD, (char_u *)"CursorHold"},
{0, NULL}
+ /* NOTE: When adding a long name update MAX_KEY_NAME_LEN. */
};
#define KEY_NAMES_TABLE_LEN (sizeof(key_names_table) / sizeof(struct key_name_entry))
@@ -2659,8 +2661,13 @@
}
else /* use name of special key */
{
- STRCPY(string + idx, key_names_table[table_idx].name);
- idx = (int)STRLEN(string);
+ size_t len = STRLEN(key_names_table[table_idx].name);
+
+ if (len + idx + 2 <= MAX_KEY_NAME_LEN)
+ {
+ STRCPY(string + idx, key_names_table[table_idx].name);
+ idx += (int)len;
+ }
}
string[idx++] = '>';
string[idx] = NUL;