Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_vim / 826bfe4bbd7594188e3d74d2539d9707b1c6a14b^! / .
commit826bfe4bbd7594188e3d74d2539d9707b1c6a14b[log] [tgz]
authorBram Moolenaar <Bram@vim.org>Fri Oct 08 18:39:28 2021 +0100
committerBram Moolenaar <Bram@vim.org>Fri Oct 08 18:39:28 2021 +0100
tree56be5520dccdd31b124c6534bdeece6446e3bf9b
parentcce81e9673fe8d056e8eef310d9919620eccb2f2 [diff]
patch 8.2.3487: illegal memory access if buffer name is very long

Problem:    Illegal memory access if buffer name is very long.
Solution:   Make sure not to go over the end of the buffer.

diff --git a/src/drawscreen.c b/src/drawscreen.c
index 82e5375..e38ca95 100644
--- a/src/drawscreen.c
+++ b/src/drawscreen.c

@@ -464,13 +464,13 @@
 	    *(p + len++) = ' ';
 	if (bt_help(wp->w_buffer))
 	{
-	    STRCPY(p + len, _("[Help]"));
+	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
 	    len += (int)STRLEN(p + len);
 	}
 #ifdef FEAT_QUICKFIX
 	if (wp->w_p_pvw)
 	{
-	    STRCPY(p + len, _("[Preview]"));
+	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
 	    len += (int)STRLEN(p + len);
 	}
 #endif
@@ -480,12 +480,12 @@
 #endif
 		)
 	{
-	    STRCPY(p + len, "[+]");
-	    len += 3;
+	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
+	    len += (int)STRLEN(p + len);
 	}
 	if (wp->w_buffer->b_p_ro)
 	{
-	    STRCPY(p + len, _("[RO]"));
+	    vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
 	    len += (int)STRLEN(p + len);
 	}
 

diff --git a/src/testdir/test_statusline.vim b/src/testdir/test_statusline.vim
index f3eea2e..a952de6 100644
--- a/src/testdir/test_statusline.vim
+++ b/src/testdir/test_statusline.vim

@@ -522,4 +522,14 @@
   %bw!
 endfunc
 
+" Used to write beyond allocated memory.  This assumes MAXPATHL is 4096 bytes.
+func Test_statusline_verylong_filename()
+  let fname = repeat('x', 4090)
+  exe "new " .. fname
+  set buftype=help
+  set previewwindow
+  redraw
+  bwipe!
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab

diff --git a/src/version.c b/src/version.c
index 4c66b24..06421bb 100644
--- a/src/version.c
+++ b/src/version.c

@@ -758,6 +758,8 @@
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    3487,
+/**/
     3486,
 /**/
     3485,