mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-23 19:48:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:8.2.4895: buffer overflow with invalid command with composing chars

Browse Source 
Problem:    Buffer overflow with invalid command with composing chars.
Solution:   Check that the whole character fits in the buffer.
d88934406c
This commit is contained in:
zeertzjq
2022-06-24 06:25:34 +08:00
parent 764dc7c383
commit 0cf0be302b
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/nvim/ex_docmd.c
View File

@@ -2892,11 +2892,13 @@ static void append_command(char *cmd)
STRCAT(IObuff, ": ");
d = (char *)IObuff + STRLEN(IObuff);
while (*s != NUL && (char_u *)d - IObuff < IOSIZE - 7) {
while (*s != NUL && (char_u *)d - IObuff + 5 < IOSIZE) {
if ((char_u)s[0] == 0xc2 && (char_u)s[1] == 0xa0) {
s += 2;
STRCPY(d, "<a0>");
d += 4;
} else if ((char_u *)d - IObuff + utfc_ptr2len(s) + 1 >= IOSIZE) {
break;
} else {
mb_copy_char((const char_u **)&s, (char_u **)&d);
}