Patch 8.2.3669

[Bram Moolenaar]

Patch 8.2.3669
Problem:    Buffer overflow with long help argument.
Solution:   Use snprintf().
Files:      src/help.c, src/testdir/test_help.vim


*** ../vim-8.2.3668/src/help.c  2021-06-02 12:28:11.431120460 +0100
--- src/help.c  2021-11-25 10:49:17.146843905 +0000
***************
*** 422,429 ****
                    || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
                                                           && arg[2] != NUL)))
        {
!           STRCPY(d, "/\\\\");
!           STRCPY(d + 3, arg + 1);
            // Check for "/\\_$", should be "/\\_\$"
            if (d[3] == '_' && d[4] == '$')
                STRCPY(d + 4, "\\$");
--- 422,428 ----
                    || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
                                                           && arg[2] != NUL)))
        {
!           vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
            // Check for "/\\_$", should be "/\\_\$"
            if (d[3] == '_' && d[4] == '$')
                STRCPY(d + 4, "\\$");
*** ../vim-8.2.3668/src/testdir/test_help.vim   2021-06-12 12:46:38.055854976 
+0100
--- src/testdir/test_help.vim   2021-11-25 10:48:57.138842071 +0000
***************
*** 134,137 ****
--- 134,146 ----
    close
  endfunc
  
+ func Test_help_long_argument()
+   try
+     exe 'help \%' .. repeat('0', 1021)
+   catch
+     call assert_match("E149:", v:exception)
+   endtry
+ endfunc
+ 
+ 
  " vim: shiftwidth=2 sts=2 expandtab
*** ../vim-8.2.3668/src/version.c       2021-11-24 20:28:23.599595260 +0000
--- src/version.c       2021-11-25 10:42:07.630521494 +0000
***************
*** 759,760 ****
--- 759,762 ----
  {   /* Add new patch number below this line */
+ /**/
+     3669,
  /**/

-- 
Dogs must have a permit signed by the mayor in order to congregate in groups
of three or more on private property.
                [real standing law in Oklahoma, United States of America]

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/vim_dev/20211125105130.A96AA1C0873%40moolenaar.net.