GitHub/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim synced 2025-07-15 16:51:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.0.1458: buffer overflow when expanding long file name

Browse Source 
Problem:    Buffer overflow when expanding long file name.
Solution:   Use a larger buffer and avoid overflowing it. (Yee Cheng Chin,
            closes vim/vim#12201)

a77670726e

Co-authored-by: Yee Cheng Chin <ychin.git@gmail.com>
(cherry picked from commit b0b61c42b3)
This commit is contained in:
zeertzjq
2025-03-15 08:16:28 +08:00
committed by github-actions[bot]
parent 52ad6adc8d
commit aab7129abe
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/nvim/path.c
View File

@ -633,7 +633,7 @@ static size_t do_path_expand(garray_T *gap, const char *path, size_t wildoff, in
// Make room for file name. When doing encoding conversion the actual
// length may be quite a bit longer, thus use the maximum possible length.
const size_t buflen = MAXPATHL;
const size_t buflen = strlen(path) + MAXPATHL;
char *buf = xmalloc(buflen);
// Find the first part in the path name that contains a wildcard.
@ -746,7 +746,7 @@ static size_t do_path_expand(garray_T *gap, const char *path, size_t wildoff, in
&& ((regmatch.regprog != NULL && vim_regexec(&regmatch, name, 0))
|| ((flags & EW_NOTWILD)
&& path_fnamencmp(path + (s - buf), name, (size_t)(e - s)) == 0))) {
STRCPY(s, name);
xstrlcpy(s, name, buflen - (size_t)(s - buf));
len = strlen(buf);
if (starstar && stardepth < 100) {