From db17d2c0fa2f82edc486ec7954e174404a115036 Mon Sep 17 00:00:00 2001 From: "Justin M. Keyes" Date: Wed, 29 Aug 2018 10:06:35 +0200 Subject: API: Avoid overrun when formatting error-message msgpack_rpc_to_object (called by handle_request .. msgpack_rpc_to_array) always NUL-terminates API Strings. But handle_request .. msgpack_rpc_get_handler_for operates on a raw msgpack_object, before preparation. --- src/nvim/api/private/dispatch.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/nvim/api/private/dispatch.c') diff --git a/src/nvim/api/private/dispatch.c b/src/nvim/api/private/dispatch.c index dec2b6c185..c08225bbfc 100644 --- a/src/nvim/api/private/dispatch.c +++ b/src/nvim/api/private/dispatch.c @@ -40,7 +40,8 @@ MsgpackRpcRequestHandler msgpack_rpc_get_handler_for(const char *name, map_get(String, MsgpackRpcRequestHandler)(methods, m); if (!rv.fn) { - api_set_error(error, kErrorTypeException, "Invalid method: %s", + api_set_error(error, kErrorTypeException, "Invalid method: %.*s", + m.size > 0 ? m.size : sizeof(""), m.size > 0 ? m.data : ""); } return rv; -- cgit