diff options
| author | Abdelhakeem Osama <abdelhakeem.osama@hotmail.com> | 2019-08-22 11:07:54 +0300 |
|---|---|---|
| committer | Daniel Hahler <git@thequod.de> | 2019-08-22 10:07:54 +0200 |
| commit | c6eb1f42bec06e92c2c5ee9a523af4e46ac05083 (patch) | |
| tree | f51e94bce23bdc37f359056e937e47355defcc9d | |
| parent | ed28668392e450bf22fe97e0581a63135498b8c0 (diff) | |
| download | rneovim-c6eb1f42bec06e92c2c5ee9a523af4e46ac05083.tar.gz rneovim-c6eb1f42bec06e92c2c5ee9a523af4e46ac05083.tar.bz2 rneovim-c6eb1f42bec06e92c2c5ee9a523af4e46ac05083.zip | |
API: fix nvim_command_output buffer overflow (#10830)
Fixes https://github.com/neovim/neovim/issues/10829.
| -rw-r--r-- | src/nvim/api/vim.c | 2 | ||||
| -rw-r--r-- | test/functional/api/vim_spec.lua | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/nvim/api/vim.c b/src/nvim/api/vim.c index 6280038d1a..d027eca59a 100644 --- a/src/nvim/api/vim.c +++ b/src/nvim/api/vim.c @@ -364,7 +364,7 @@ String nvim_command_output(String command, Error *err) }; // redir usually (except :echon) prepends a newline. if (s.data[0] == '\n') { - memmove(s.data, s.data + 1, s.size); + memmove(s.data, s.data + 1, s.size - 1); s.data[s.size - 1] = '\0'; s.size = s.size - 1; } diff --git a/test/functional/api/vim_spec.lua b/test/functional/api/vim_spec.lua index 519b65081e..cd45914552 100644 --- a/test/functional/api/vim_spec.lua +++ b/test/functional/api/vim_spec.lua @@ -178,6 +178,11 @@ describe('API', function() -- Verify NO hit-enter prompt. eq({mode='n', blocking=false}, nvim("get_mode")) end) + + it('Does not cause heap buffer overflow with large output', function() + eq(eval('string(range(1000000))'), + nvim('command_output', 'echo range(1000000)')) + end) end) describe('nvim_eval', function() |