patch 8.2.4895: buffer overflow with invalid command with composing chars Problem: Buffer overflow with invalid command with composing chars. Solution: Check that the whole character fits in the buffer.

commit: d88934406c5375d88f8f1b65331c9f0cab68cc6c [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Fri May 06 20:38:47 2022 +0100
committer: Bram Moolenaar <Bram@vim.org> Fri May 06 20:38:47 2022 +0100
tree: 1d494ce256adb31317dd457e16999c37fa701972
parent: 5a7b6dc23cd16450b5773849520d513de56bccbf [diff] [blame]
diff --git a/src/ex_docmd.c b/src/ex_docmd.c
index 26acc07..46f2b22 100644
--- a/src/ex_docmd.c
+++ b/src/ex_docmd.c

@@ -3435,7 +3435,7 @@
 
     STRCAT(IObuff, ": ");
     d = IObuff + STRLEN(IObuff);
-    while (*s != NUL && d - IObuff < IOSIZE - 7)
+    while (*s != NUL && d - IObuff + 5 < IOSIZE)
     {
 	if (enc_utf8 ? (s[0] == 0xc2 && s[1] == 0xa0) : *s == 0xa0)
 	{
@@ -3443,6 +3443,8 @@
 	    STRCPY(d, "<a0>");
 	    d += 4;
 	}
+	else if (d - IObuff + (*mb_ptr2len)(s) + 1 >= IOSIZE)
+	    break;
 	else
 	    MB_COPY_CHAR(s, d);
     }
commit	d88934406c5375d88f8f1b65331c9f0cab68cc6c	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Fri May 06 20:38:47 2022 +0100
committer	Bram Moolenaar <Bram@vim.org>	Fri May 06 20:38:47 2022 +0100
tree	1d494ce256adb31317dd457e16999c37fa701972
parent	5a7b6dc23cd16450b5773849520d513de56bccbf [diff] [blame]