From 8e2a892e709df140d321b8058be041c0fe111ebc Mon Sep 17 00:00:00 2001
From: Jan Edmund Lazo <janedmundlazo@hotmail.com>
Date: Tue, 14 Aug 2018 11:59:09 -0400
Subject: vim-patch:8.0.1409: buffer overflow in :tags command

Problem:    Buffer overflow in :tags command.
Solution:   Use vim_snprintf(). (Dominique Pelle, closes vim/vim#2471, closes vim/vim#2475)
            Add a test.
https://github.com/vim/vim/commit/132f75255ecea17ff621f71236568c5d8d8e0163
---
 src/nvim/tag.c                    | 2 +-
 src/nvim/testdir/test_taglist.vim | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/nvim/tag.c b/src/nvim/tag.c
index 3b87fcb878..2e26f95e70 100644
--- a/src/nvim/tag.c
+++ b/src/nvim/tag.c
@@ -952,7 +952,7 @@ void do_tags(exarg_T *eap)
         continue;
 
       msg_putchar('\n');
-      sprintf((char *)IObuff, "%c%2d %2d %-15s %5ld  ",
+      vim_snprintf((char *)IObuff, IOSIZE, "%c%2d %2d %-15s %5ld  ",
           i == tagstackidx ? '>' : ' ',
           i + 1,
           tagstack[i].cur_match + 1,
diff --git a/src/nvim/testdir/test_taglist.vim b/src/nvim/testdir/test_taglist.vim
index 2d1557ebd9..3ad2025915 100644
--- a/src/nvim/testdir/test_taglist.vim
+++ b/src/nvim/testdir/test_taglist.vim
@@ -1,4 +1,4 @@
-" test 'taglist' function
+" test 'taglist' function and :tags command
 
 func Test_taglist()
   call writefile([
@@ -56,3 +56,8 @@ func Test_taglist_ctags_etags()
 
   call delete('Xtags')
 endfunc
+
+func Test_tags_too_long()
+  call assert_fails('tag ' . repeat('x', 1020), 'E426')
+  tags
+endfunc
-- 
cgit