Problem: Buffer overflow with invalid command with composing chars.
Solution: Check that the whole character fits in the buffer.
STRCAT(IObuff, ": ");
d = IObuff + STRLEN(IObuff);
- while (*s != NUL && d - IObuff < IOSIZE - 7)
+ while (*s != NUL && d - IObuff + 5 < IOSIZE)
{
if (enc_utf8 ? (s[0] == 0xc2 && s[1] == 0xa0) : *s == 0xa0)
{
STRCPY(d, "<a0>");
d += 4;
}
+ else if (d - IObuff + (*mb_ptr2len)(s) + 1 >= IOSIZE)
+ break;
else
MB_COPY_CHAR(s, d);
}
set wildmenu&
endfunc
+" this was going over the end of IObuff
+func Test_report_error_with_composing()
+ let caught = 'no'
+ try
+ exe repeat('0', 987) .. "0\xdd\x80\xdd\x80\xdd\x80\xdd\x80"
+ catch /E492:/
+ let caught = 'yes'
+ endtry
+ call assert_equal('yes', caught)
+endfunc
+
" Test for expanding 2-letter and 3-letter :substitute command arguments.
" These commands don't accept an argument.
func Test_cmdline_complete_substitute_short()
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 4895,
/**/
4894,
/**/
projects / thirdparty / vim.git / commitdiff
