
PATCH: buffer overflow when using :vimgrep

  • Gabriel Barta
    Message 1 of 2 , Nov 7, 2005
      Hi everybody,

      Here is a patch for src/fileio.c, fixing a buffer overflow when
      invoking vimgrep (if FEAT_AUTOCMD and FEAT_SYN_HL are defined).

      The ex_vimgrep function calls au_event_disable(",Filetype"), i.e.
      passing a string with 9 chars, but inside au_event_disable it was
      assuming that the parameter string was at most 8 chars long. Instead
      I just check for the actual length of the string. The diff was made
      against the vim7.0157 snapshot.

      Regards,
      Gabriel

      --- ../vim7.0157snapshot/src/fileio.c 2005-10-11 16:38:28.000000000 +1000
      +++ src/fileio.c 2005-11-08 14:00:55.200407600 +1100
      @@ -7273,7 +7273,7 @@ au_event_disable(what)
      save_ei = vim_strsave(p_ei);
      if (save_ei != NULL)
      {
      - new_ei = vim_strnsave(p_ei, (int)STRLEN(p_ei) + 8);
      + new_ei = vim_strnsave(p_ei, (int)STRLEN(p_ei) + (int)STRLEN(what));
      if (new_ei != NULL)
      {
      STRCAT(new_ei, what);
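
      Review bot: In the changed vim_strnsave() line, the requested length STRLEN(p_ei) + STRLEN(what) includes no byte for the terminating NUL, so the STRCAT(new_ei, what) that follows only fits if vim_strnsave() itself reserves one byte beyond the length it is given; that is not visible in this hunk and is worth confirming or stating in a comment. The call also asks for more bytes than p_ei holds, so it relies on the copy stopping at p_ei's NUL rather than reading past it. Allocating STRLEN(p_ei) + STRLEN(what) + 1 bytes directly and copying both strings in would make the sizing self-evident.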
    • Bram Moolenaar
      Message 2 of 2 , Nov 21, 2005
        Gabriel -

        > Here is a patch for src/fileio.c, fixing a buffer overflow when
        > invoking vimgrep (if FEAT_AUTOCMD and FEAT_SYN_HL are defined).
        >
        > The ex_vimgrep function calls au_event_disable(",Filetype"), i.e.
        > passing a string with 9 chars, but inside au_event_disable it was
        > assuming that the parameter string was at most 8 chars long. Instead
        > I just check for the actual length of the string. The diff was made
        > against the vim7.0157 snapshot.

        Thanks for fixing this!

        - Bram

        --
        An actual excerpt from a classified section of a city newspaper:
        "Illiterate? Write today for free help!"

        /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
        /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
        \\\ download, build and distribute -- http://www.A-A-P.org ///
        \\\ help me help AIDS victims -- http://www.ICCF.nl ///
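
The sizing error discussed in this thread, as an added example that is not part of the original messages or Vim's source: it measures how far a hard-coded pad falls short for a given suffix and shows an append sized from the measured lengths. The function names, the `"BufEnter"` sample value and the assumption that the allocator adds one byte for the NUL are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes strcat() would write past an allocation of strlen(base)+pad+1 bytes.
 * The +1 NUL slot is an assumption about how the allocator sizes the copy. */
size_t pad_shortfall(const char *base, const char *what, size_t pad)
{
    size_t need = strlen(base) + strlen(what) + 1;
    size_t have = strlen(base) + pad + 1;
    return need > have ? need - have : 0;
}

/* Hardened form: size the buffer from the measured length of both strings
 * and refuse if the sum would wrap size_t. Caller frees the result. */
char *append_measured(const char *base, const char *what)
{
    size_t blen = strlen(base), wlen = strlen(what);
    char *out;

    if (wlen > SIZE_MAX - blen - 1)
        return NULL;                      /* length sum would overflow */
    out = malloc(blen + wlen + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, base, blen);
    memcpy(out + blen, what, wlen + 1);   /* copies the NUL as well */
    return out;
}

int main(void)
{
    const char *ei = "BufEnter";     /* constructed 'eventignore' value */
    const char *what = ",Filetype";  /* argument quoted in the thread */
    char *joined = append_measured(ei, what);

    printf("pad 8 shortfall: %zu byte(s)\n", pad_shortfall(ei, what, 8));
    if (joined != NULL)
        printf("joined: %s\n", joined);
    free(joined);
    return 0;
}
```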