Problem: :packadd may lead to heap-buffer-overflow when all entries in
'runtimepath' have the same length (after 9.2.0291).
Solution: Check for comma after current entry properly (zeertzjq).
related: #19854
closes: #19911
Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
buf.length = (size_t)copy_option_part(&entry, buf.string, MAXPATHL, ",");
// keep track of p_rtp length as we go to make the STRLEN() below have less work to do
- p_rtp_len += (*(p_rtp + buf.length) == ',') ? buf.length + 1 : buf.length;
+ p_rtp_len += (*(cur_entry + buf.length) == ',') ? buf.length + 1 : buf.length;
if ((p = (char_u *)strstr((char *)buf.string, "after")) != NULL
&& p > buf.string
" plugdir should be inserted before plugdir/after
call assert_match('^nosuchdir,' . s:plugdir . ',', &rtp)
+ " This used to cause heep-buffer-overflow
+ " All existing entries in 'rtp' have the same length here
+ let &rtp = 'Xfoodir,Xbardir,Xbazdir'
+ packadd mytest
+ " plugdir should be inserted after the existing directories
+ call assert_match('^Xfoodir,Xbardir,Xbazdir,' .. s:plugdir .. ',', &rtp)
+
set rtp&
let rtp = &rtp
filetype on
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 293,
/**/
292,
/**/
projects / thirdparty / vim.git / commitdiff
