Problem: Using a long generic function name may cause a heap buffer
overflow in common_function().
Solution: Allocate memory for the full name instead of using IObuff
(Kaixuan Li).
closes: #19727
Signed-off-by: Kaixuan Li <kaixuanli0131@gmail.com>
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
else
{
// generic function
- STRCPY(IObuff, name);
- STRCAT(IObuff, start_bracket);
- rettv->vval.v_string = vim_strsave(IObuff);
+ size_t len = STRLEN(name) + STRLEN(start_bracket);
+ rettv->vval.v_string = alloc(len + 1);
+ if (rettv->vval.v_string != NULL)
+ {
+ STRCPY(rettv->vval.v_string, name);
+ STRCAT(rettv->vval.v_string, start_bracket);
+ }
vim_free(name);
}
}
bw!
endfunc
+" Test for long gerneric type name {{{1
+func Test_function_long_generic_name()
+ func TestFunc()
+ return
+ endfunc
+
+ let name = 'TestFunc<' .. repeat('T', 1100) .. '>'
+
+ call function(name)
+ call funcref(name)
+ delfunc TestFunc
+endfunc
+
"-------------------------------------------------------------------------------
" Modelines {{{1
" vim: ts=8 sw=2 sts=2 expandtab tw=80 fdm=marker
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 186,
/**/
185,
/**/
projects / thirdparty / vim.git / commitdiff
