thac0/vim
1
0
Fork 0
forked from aniani/vim
Code Activity

patch 8.2.4895: buffer overflow with invalid command with composing chars

Browse Source 
Problem:    Buffer overflow with invalid command with composing chars.
Solution:   Check that the whole character fits in the buffer.
This commit is contained in:
Bram Moolenaar
2022-05-06 20:38:47 +01:00
parent 5a7b6dc23c
commit d88934406c
3 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/ex_docmd.c
View File

@@ -3435,7 +3435,7 @@ append_command(char_u *cmd)
STRCAT(IObuff, ": ");
d = IObuff + STRLEN(IObuff);
while (*s != NUL && d - IObuff < IOSIZE - 7)
while (*s != NUL && d - IObuff + 5 < IOSIZE)
{
if (enc_utf8 ? (s[0] == 0xc2 && s[1] == 0xa0) : *s == 0xa0)
{
@@ -3443,6 +3443,8 @@ append_command(char_u *cmd)
STRCPY(d, "<a0>");
d += 4;
}
else if (d - IObuff + (*mb_ptr2len)(s) + 1 >= IOSIZE)
break;
else
MB_COPY_CHAR(s, d);
}