diff options
| author | f380cedric <f380cedric@users.noreply.github.com> | 2022-01-27 14:58:53 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-27 14:58:53 +0100 |
| commit | 5182627ce97162b90d8d6c34408c4ce937e1072c (patch) | |
| tree | 0d8915e3793a6b9c8b6ee964354e5ad6f13c80b5 /src | |
| parent | 39d6db3899759b27c69d2b3444b0cd0e0161793d (diff) | |
| download | rneovim-5182627ce97162b90d8d6c34408c4ce937e1072c.tar.gz rneovim-5182627ce97162b90d8d6c34408c4ce937e1072c.tar.bz2 rneovim-5182627ce97162b90d8d6c34408c4ce937e1072c.zip | |
vim-patch:8.2.3669: buffer overflow with long help argument (#16971)
Problem: Buffer overflow with long help argument.
Solution: Use snprintf().
https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142
Diffstat (limited to 'src')
| -rw-r--r-- | src/nvim/ex_cmds.c | 3 | ||||
| -rw-r--r-- | src/nvim/testdir/test_help.vim | 8 |
2 files changed, 9 insertions, 2 deletions
diff --git a/src/nvim/ex_cmds.c b/src/nvim/ex_cmds.c index ca5e14ee63..12598a88d1 100644 --- a/src/nvim/ex_cmds.c +++ b/src/nvim/ex_cmds.c @@ -5071,8 +5071,7 @@ int find_help_tags(const char_u *arg, int *num_matches, char_u ***matches, bool && ((arg[1] != NUL && arg[2] == NUL) || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL && arg[2] != NUL))) { - STRCPY(d, "/\\\\"); - STRCPY(d + 3, arg + 1); + vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1); // Check for "/\\_$", should be "/\\_\$" if (d[3] == '_' && d[4] == '$') { STRCPY(d + 4, "\\$"); diff --git a/src/nvim/testdir/test_help.vim b/src/nvim/testdir/test_help.vim index 8e59efd22d..977dad6a45 100644 --- a/src/nvim/testdir/test_help.vim +++ b/src/nvim/testdir/test_help.vim @@ -101,4 +101,12 @@ func Test_helptag_cmd() call delete('Xdir', 'rf') endfunc +func Test_help_long_argument() + try + exe 'help \%' .. repeat('0', 1021) + catch + call assert_match("E149:", v:exception) + endtry +endfunc + " vim: shiftwidth=2 sts=2 expandtab |