Patch 8.2.4963
Problem:    Expanding path with "/**" may overrun end of buffer.
Solution:   Use vim_snprintf().
Files:      src/filepath.c


*** ../vim-8.2.4962/src/filepath.c      2022-05-09 20:09:19.286641426 +0100
--- src/filepath.c      2022-05-16 12:33:32.106956008 +0100
***************
*** 3589,3594 ****
--- 3589,3595 ----
      int               didstar)        // expanded "**" once already
  {
      char_u    *buf;
+     size_t    buflen;
      char_u    *path_end;
      char_u    *p, *s, *e;
      int               start_len = gap->ga_len;
***************
*** 3612,3618 ****
      }
  
      // make room for file name
!     buf = alloc(STRLEN(path) + BASENAMELEN + 5);
      if (buf == NULL)
        return 0;
  
--- 3613,3620 ----
      }
  
      // make room for file name
!     buflen = STRLEN(path) + BASENAMELEN + 5;
!     buf = alloc(buflen);
      if (buf == NULL)
        return 0;
  
***************
*** 3737,3750 ****
                {
                    // For "**" in the pattern first go deeper in the tree to
                    // find matches.
!                   STRCPY(buf + len, "/**");
!                   STRCPY(buf + len + 3, path_end);
                    ++stardepth;
                    (void)unix_expandpath(gap, buf, len + 1, flags, TRUE);
                    --stardepth;
                }
  
!               STRCPY(buf + len, path_end);
                if (mch_has_exp_wildcard(path_end)) // handle more wildcards
                {
                    // need to expand another component of the path
--- 3739,3752 ----
                {
                    // For "**" in the pattern first go deeper in the tree to
                    // find matches.
!                   vim_snprintf((char *)buf + len, buflen - len,
!                                                           "/**%s", path_end);
                    ++stardepth;
                    (void)unix_expandpath(gap, buf, len + 1, flags, TRUE);
                    --stardepth;
                }
  
!               vim_snprintf((char *)buf + len, buflen - len, "%s", path_end);
                if (mch_has_exp_wildcard(path_end)) // handle more wildcards
                {
                    // need to expand another component of the path
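Review bot: Both vim_snprintf() calls discard their return value, so when `"/**"` plus `path_end` (or `path_end` alone) does not fit in `buflen - len`, the pattern left in `buf` is silently cut short and is still passed to unix_expandpath() and, presumably, to the code that follows this hunk. The overrun is closed, but expanding a truncated pattern can return matches the caller did not ask for, so a result that did not fit should be treated as "skip this entry", e.g. by testing `vim_snprintf(...) >= (int)(buflen - len)` before using `buf`. Separately, `buflen - len` is a `size_t` subtraction and wraps to a huge bound if `len` ever reaches `buflen`; the declaration of `len` and the earlier write into `buf` that sets it are outside the hunk, so that write should be checked against `buflen` as well. The allocation in the earlier hunk keeps the size `STRLEN(path) + BASENAMELEN + 5`, and a comment there saying what the `5` is meant to cover would make the bound reviewable.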
*** ../vim-8.2.4962/src/version.c       2022-05-16 11:14:05.106515306 +0100
--- src/version.c       2022-05-16 12:34:26.894908947 +0100
***************
*** 748,749 ****
--- 748,751 ----
  {   /* Add new patch number below this line */
+ /**/
+     4963,
  /**/

-- 
hundred-and-one symptoms of being an internet addict:
211. Your husband leaves you...taking the computer with him and you
     call him crying, and beg him to bring the computer back.

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
