patch 9.2.0528: possible overflow in XIM resource handling

author Christian Brabandt <cb@256bit.org>

Sun, 24 May 2026 16:47:27 +0000 (16:47 +0000)

committer Christian Brabandt <cb@256bit.org>

Sun, 24 May 2026 16:52:53 +0000 (16:52 +0000)
author Christian Brabandt <cb@256bit.org>
Sun, 24 May 2026 16:47:27 +0000 (16:47 +0000)
committer Christian Brabandt <cb@256bit.org>
Sun, 24 May 2026 16:52:53 +0000 (16:52 +0000)
diff --git a/src/gui_xim.c b/src/gui_xim.c

index ec4620f38ba8f3a5cdddf5b982fba2dacd57e9a1..a04667e2dc65b3c5d7c7090ff0e423fdc9dee4ff 100644 (file)
--- a/src/gui_xim.c
+++ b/src/gui_xim.c
@@ -1750,7 +1750,8 @@ xim_real_init(Window x11_window, Display *x11_display)
  
      if (gui.rsrc_input_method != NULL && *gui.rsrc_input_method != NUL)
      {
-       strcpy(tmp, gui.rsrc_input_method);
+       vim_strncpy((char_u *)tmp, (char_u *)gui.rsrc_input_method,
+           sizeof(tmp) - 1);
         for (ns = s = tmp; ns != NULL && *s != NUL;)
         {
             s = (char *)skipwhite((char_u *)s);
@@ -1817,7 +1818,8 @@ xim_real_init(Window x11_window, Display *x11_display)
      }
  
      found = False;
-    strcpy(tmp, gui.rsrc_preedit_type_name);
+    vim_strncpy((char_u *)tmp, (char_u *)gui.rsrc_preedit_type_name,
+           sizeof(tmp) - 1);
      for (s = tmp; s && !found; )
      {
         while (*s && SAFE_isspace(*s))
diff --git a/src/version.c b/src/version.c

index 708cd1746b42e4c8fe7165600cc16c89f4516b3c..19dbebbdb4ba3d34cd593b0d99b993878d8e118c 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
  
  static int included_patches[] =
  {   /* Add new patch number below this line */
+/**/
+    528,
  /**/
      527,
  /**/
author	Christian Brabandt <cb@256bit.org>
	Sun, 24 May 2026 16:47:27 +0000 (16:47 +0000)
committer	Christian Brabandt <cb@256bit.org>
	Sun, 24 May 2026 16:52:53 +0000 (16:52 +0000)
src/gui_xim.c		patch \| blob \| blame \| history
src/version.c		patch \| blob \| blame \| history