neovim/test/old
zeertzjq 0e69a38026 vim-patch:9.2.0436: Buffer overflow when parsing overlong errorformat lines (#39578)
Problem:  When an error line in a file passed to :cfile / :cgetfile is
          longer than IOSIZE, qf_parse_file_pfx() copies the tail
          into the fixed-size IObuff with STRMOVE(), overflowing the heap buffer.
          The same code path can also loop indefinitely because
          qf_parse_file_pfx() always returns QF_MULTISCAN when a
          tail is present, and qf_init_ext() unconditionally goes
          to "restofline" without bounding the tail length (Nabih).
Solution: Remove the STRMOVE() into IObuff.  In the QF_MULTISCAN
          branch, alias linebuf into the tail directly and update
          linelen, requiring strict progress (new length less than
          the previous length) before retrying; otherwise ignore
          the line.

closes: vim/vim#20126

Supported by AI

77677c33de

Co-authored-by: Christian Brabandt <cb@256bit.org>
2026-05-04 07:20:16 +08:00