mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-10-07 02:16:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.0.1458: buffer overflow when expanding long file name

Browse Source 
Problem:    Buffer overflow when expanding long file name.
Solution:   Use a larger buffer and avoid overflowing it. (Yee Cheng Chin,
            closes vim/vim#12201)

a77670726e

Co-authored-by: Yee Cheng Chin <ychin.git@gmail.com>
This commit is contained in:
zeertzjq
2025-03-15 08:16:28 +08:00
parent ad5bced637
commit b0b61c42b3
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/nvim/path.c
View File

@@ -627,7 +627,7 @@ static size_t do_path_expand(garray_T *gap, const char *path, size_t wildoff, in
// Make room for file name. When doing encoding conversion the actual
// length may be quite a bit longer, thus use the maximum possible length.
const size_t buflen = MAXPATHL;
const size_t buflen = strlen(path) + MAXPATHL;
char *buf = xmalloc(buflen);
// Find the first part in the path name that contains a wildcard.
@@ -740,7 +740,7 @@ static size_t do_path_expand(garray_T *gap, const char *path, size_t wildoff, in
&& ((regmatch.regprog != NULL && vim_regexec(&regmatch, name, 0))
|| ((flags & EW_NOTWILD)
&& path_fnamencmp(path + (s - buf), name, (size_t)(e - s)) == 0))) {
STRCPY(s, name);
xstrlcpy(s, name, buflen - (size_t)(s - buf));
len = strlen(buf);
if (starstar && stardepth < 100) {