mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-27 05:28:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:7.4.2223

Browse Source 
Problem:    Buffer overflow when using latin1 character with feedkeys().
Solution:   Check for an illegal character.  Add a test.

d3c907b5d2
This commit is contained in:
James McCoy
2017-03-10 17:26:22 -05:00
parent eaf1f9b9dc
commit 2ed2b1d505
8 changed files with 57 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/nvim/getchar.c
View File

@@ -3746,8 +3746,10 @@ eval_map_expr (
*/
char_u *vim_strsave_escape_csi(char_u *p)
{
/* Need a buffer to hold up to three times as much. */
char_u *res = xmalloc(STRLEN(p) * 3 + 1);
// Need a buffer to hold up to three times as much. Four in case of an
// illegal utf-8 byte:
// 0xc0 -> 0xc3 - 0x80 -> 0xc3 K_SPECIAL KS_SPECIAL KE_FILLER
char_u *res = xmalloc(STRLEN(p) * 4 + 1);
char_u *d = res;
for (char_u *s = p; *s != NUL; ) {
if (s[0] == K_SPECIAL && s[1] != NUL && s[2] != NUL) {
@@ -3756,17 +3758,10 @@ char_u *vim_strsave_escape_csi(char_u *p)
*d++ = *s++;
*d++ = *s++;
} else {
int len = mb_char2len(PTR2CHAR(s));
int len2 = mb_ptr2len(s);
/* Add character, possibly multi-byte to destination, escaping
* CSI and K_SPECIAL. */
// Add character, possibly multi-byte to destination, escaping
// CSI and K_SPECIAL. Be careful, it can be an illegal byte!
d = add_char2buf(PTR2CHAR(s), d);
while (len < len2) {
/* add following combining char */
d = add_char2buf(PTR2CHAR(s + len), d);
len += mb_char2len(PTR2CHAR(s + len));
}
mb_ptr_adv(s);
s += MB_CPTR2LEN(s);
}
}
*d = NUL;