diff options
| author | Thomas Vigouroux <thomas.vigouroux@protonmail.com> | 2023-08-19 02:19:36 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-19 08:19:36 +0800 |
| commit | 7a3fef9e348be541c585fd3544c912950387641f (patch) | |
| tree | adbf8372888df26130aaed3f7915cb066fd57f05 | |
| parent | 5a6c7c805b8bb1d1ed9fe829ed33f18ffa6f4f47 (diff) | |
| download | rneovim-7a3fef9e348be541c585fd3544c912950387641f.tar.gz rneovim-7a3fef9e348be541c585fd3544c912950387641f.tar.bz2 rneovim-7a3fef9e348be541c585fd3544c912950387641f.zip | |
refactor(tui): check for out of bound access after snprintf (#24751)
Counterintuitively, snprintf returns the number of characters it _should
have written_ if it had not encoutered the length bound, thus leading to
a potential buffer overflow.
Co-authored-by: zeertzjq <zeertzjq@outlook.com>
| -rw-r--r-- | src/nvim/tui/input.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nvim/tui/input.c b/src/nvim/tui/input.c index 7af28561c2..c55cb44560 100644 --- a/src/nvim/tui/input.c +++ b/src/nvim/tui/input.c @@ -297,10 +297,10 @@ static void forward_simple_utf8(TermInput *input, TermKeyKey *key) } else { buf[len++] = *ptr; } + assert(len < sizeof(buf)); ptr++; } - assert(len < sizeof(buf)); tinput_enqueue(input, buf, len); } |