path: root/debian/patches/CVE-2022-2000.patch
From 44a3f3353e0407e9fffee138125a6927d1c9e7e5 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Mon, 6 Jun 2022 15:38:21 +0100
Subject: [PATCH] patch 8.2.5063: error for a command may go over the end of
 IObuff

Problem:    Error for a command may go over the end of IObuff.
Solution:   Truncate the message.
---
 src/ex_docmd.c               | 12 ++++++++++--
 src/testdir/test_cmdline.vim |  5 +++++
 src/version.c                |  2 ++
 3 files changed, 17 insertions(+), 2 deletions(-)

--- a/src/ex_docmd.c
+++ b/src/ex_docmd.c
@@ -3111,9 +3111,17 @@ checkforcmd(
     static void
 append_command(char_u *cmd)
 {
-    char_u *s = cmd;
-    char_u *d;
+    size_t  len = STRLEN(IObuff);
+    char_u  *s = cmd;
+    char_u  *d;
 
+    if (len > IOSIZE - 100)
+    {
+	// Not enough space, truncate and put in "...".
+	d = IObuff + IOSIZE - 100;
+	d -= mb_head_off(IObuff, d);
+	STRCPY(d, "...");
+    }
     STRCAT(IObuff, ": ");
     d = IObuff + STRLEN(IObuff);
     while (*s != NUL && d - IObuff + 5 < IOSIZE)
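Review bot: The 100-byte reserve is written twice as a bare literal (`len > IOSIZE - 100` and `d = IObuff + IOSIZE - 100`), and the comment does not say what the reserved space is for. The unbounded `STRCAT(IObuff, ": ")` that follows is only safe because of this truncation, so the two literals must stay in sync and the reason should be recorded. I would add a comment above the check such as `// Keep 100 bytes free for ": " and the start of the command; the STRCAT below relies on it.`, or name the value once in a local constant. `len` is used only for the comparison, and `STRLEN(IObuff)` is recomputed after the `STRCAT`. The body of append_command continues outside the hunk, so the termination of the copy loop cannot be checked from here.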
--- a/src/testdir/test_cmdline.vim
+++ b/src/testdir/test_cmdline.vim
@@ -657,3 +657,9 @@ endfunc
 
 
 set cpo&
+
+func Test_long_error_message()
+  " the error should be truncated, not overrun IObuff
+  silent! norm Q00000000000000     000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000                                                                                                                                                                                                                        
+endfunc
+
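Review bot: Test_long_error_message contains no assertion and runs the command under `silent!`, so it can only fail if the overrun crashes Vim or the test run uses a memory checker such as ASan or valgrind. On a plain build a write past IObuff could pass unnoticed. The input also appears to depend on the long run of trailing spaces on the `norm Q000…` line. Tooling or editors that strip trailing whitespace when refreshing this patch would shorten it without any visible failure. A comment inside the function would record both, for example `" no assert: needs ASan/valgrind to detect an overrun; the trailing spaces are significant`.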
--- a/src/version.c
+++ b/src/version.c
@@ -792,6 +792,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    5063,
+/**/
     5043,
 /**/
     805,