To: vim_dev@googlegroups.com Subject: Patch 8.0.1409 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.0.1409 Problem: Buffer overflow in :tags command. Solution: Use vim_snprintf(). (Dominique Pelle, closes #2471, closes #2475) Add a test. Files: src/testdir/test_taglist.vim, src/tag.c *** ../vim-8.0.1408/src/testdir/test_taglist.vim 2017-04-07 20:30:24.192092760 +0200 --- src/testdir/test_taglist.vim 2017-12-19 10:46:27.077164796 +0100 *************** *** 1,4 **** ! " test 'taglist' function func Test_taglist() call writefile([ --- 1,4 ---- ! " test 'taglist' function and :tags command func Test_taglist() call writefile([ *************** *** 56,58 **** --- 56,63 ---- call delete('Xtags') endfunc + + func Test_tags_too_long() + call assert_fails('tag ' . repeat('x', 1020), 'E426') + tags + endfunc *** ../vim-8.0.1408/src/tag.c 2017-10-26 16:42:12.353737032 +0200 --- src/tag.c 2017-12-19 10:46:06.793241196 +0100 *************** *** 1130,1136 **** continue; msg_putchar('\n'); ! sprintf((char *)IObuff, "%c%2d %2d %-15s %5ld ", i == tagstackidx ? '>' : ' ', i + 1, tagstack[i].cur_match + 1, --- 1130,1136 ---- continue; msg_putchar('\n'); ! vim_snprintf((char *)IObuff, IOSIZE, "%c%2d %2d %-15s %5ld ", i == tagstackidx ? '>' : ' ', i + 1, tagstack[i].cur_match + 1, *** ../vim-8.0.1408/src/version.c 2017-12-19 10:22:15.126320001 +0100 --- src/version.c 2017-12-19 10:43:16.914086097 +0100 *************** *** 773,774 **** --- 773,776 ---- { /* Add new patch number below this line */ + /**/ + 1409, /**/ -- You cannot have a baby in one month by getting nine women pregnant. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///