From 7a344c795f30bc45adb3973931dbedbdfed7e67c Mon Sep 17 00:00:00 2001
From: nfnty <git@nfnty.se>
Date: Sun, 11 Dec 2016 23:44:54 +0100
Subject: path.c: `vim_FullName()`: Fix heap overflow #5737

- Clarify documentation.
- Return `FAIL` and truncate if `fname` is too long.
- Add tests.
---
 test/unit/path_spec.lua | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'test')

diff --git a/test/unit/path_spec.lua b/test/unit/path_spec.lua
index 9b76834383..ccaf0228ab 100644
--- a/test/unit/path_spec.lua
+++ b/test/unit/path_spec.lua
@@ -336,6 +336,17 @@ describe('more path function', function()
       eq(FAIL, result)
     end)
 
+    it('fails safely if given length is wrong #5737', function()
+      local force_expansion = 1
+      local filename = 'foo/bar/bazzzzzzz/buz/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/a'
+      local too_short_len = 8
+      local buf = cstr(too_short_len, '')
+      local result = path.vim_FullName(filename, buf, too_short_len, force_expansion)
+      local expected = string.sub(filename, 1, (too_short_len - 1))
+      eq(expected, (ffi.string(buf)))
+      eq(FAIL, result)
+    end)
+
     it('uses the filename if the filename is a URL', function()
       local force_expansion = 1
       local filename = 'http://www.neovim.org'
-- 
cgit