diff options
| author | Andreas Schneider <asn@cryptomilk.org> | 2023-03-26 01:22:14 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-26 08:22:14 +0800 |
| commit | e3dab4b32609c63adfbb6bb425a4b19c1ff95cde (patch) | |
| tree | 29134b6251101587bcf0c1cc152d17168dfeb784 /test/functional/api/vim_spec.lua | |
| parent | 13eb6c2554653518098396e31fe04dfa82f5106f (diff) | |
| download | rneovim-e3dab4b32609c63adfbb6bb425a4b19c1ff95cde.tar.gz rneovim-e3dab4b32609c63adfbb6bb425a4b19c1ff95cde.tar.bz2 rneovim-e3dab4b32609c63adfbb6bb425a4b19c1ff95cde.zip | |
fix: snprintf buffer overflow detected by -D_FORTIFY_SOURCE=3 (#22780)
Problem:
Wrong buffer size argument passed to snprintf() in set_cmdarg():
Thread no. 1 (24 frames)
#8 snprintf at /usr/include/bits/stdio2.h:54
#9 set_cmdarg at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/eval.c:7044
#10 apply_autocmds_group at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/autocmd.c:1843
#11 apply_autocmds_exarg at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/autocmd.c:1549
#12 readfile at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/fileio.c:617
#13 buf_reload at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/fileio.c:5038
#14 buf_check_timestamp at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/fileio.c:4952
#15 check_timestamps at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/fileio.c:4678
#16 ex_checktime at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/ex_cmds2.c:765
#17 execute_cmd0 at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/ex_docmd.c:1620
#18 do_one_cmd at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/ex_docmd.c:2275
#19 do_cmdline at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/ex_docmd.c:584
#20 ex_execute at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/eval.c:7727
#21 execute_cmd0 at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/ex_docmd.c:1620
#22 do_one_cmd at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/ex_docmd.c:2275
#23 do_cmdline at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/ex_docmd.c:584
#24 do_ucmd at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/usercmd.c:1661
#25 execute_cmd0 at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/ex_docmd.c:1612
#26 do_one_cmd at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/ex_docmd.c:2275
#27 do_cmdline at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/ex_docmd.c:584
#28 nv_colon at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/normal.c:4058
#29 normal_execute at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/normal.c:1172
#30 state_enter at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/state.c:88
#31 normal_enter at /usr/src/debug/neovim-0.8.2-2.fc38.x86_64/src/nvim/normal.c:471
Solution:
Subtract the offset from the buffer size.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'test/functional/api/vim_spec.lua')
0 files changed, 0 insertions, 0 deletions