kevin/neovim
1
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2024-12-20 19:25:11 -07:00
Code Issues Packages Projects Releases Wiki Activity
9cc346119b
neovim/test/functional
History
zeertzjq 9cc346119b vim-patch:9.0.2142: [security]: stack-buffer-overflow in option callback functions 
Problem:  [security]: stack-buffer-overflow in option callback functions
Solution: pass size of errbuf down the call stack, use snprintf()
          instead of sprintf()

We pass the error buffer down to the option callback functions, but in
some parts of the code, we simply use sprintf(buf) to write into the error
buffer, which can overflow.

So let's pass down the length of the error buffer and use sprintf(buf, size)
instead.

Reported by @henices, thanks!

b39b240c38

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 10:41:31 +08:00
..
api fix(api): use a conditional stack for nvim_cmd (#26341) 2023-12-01 13:56:04 +08:00
autocmd vim-patch:9.0.2134: ml_get error when scrolling (#26264) 2023-11-29 13:24:24 +08:00
core fix(defaults): set 'fsync' #26034 2023-11-14 02:56:50 -08:00
editor fix(extmark): restore extmarks when completing original text 2023-11-29 23:38:27 +01:00
ex_cmds docs: small fixes 2023-10-10 19:20:32 +02:00
fixtures build: remove PVS 2023-11-12 21:26:39 +01:00
legacy vim-patch:9.0.2142: [security]: stack-buffer-overflow in option callback functions 2023-12-02 10:41:31 +08:00
lua test: check vim.wait() error message in fast context (#26242) 2023-11-27 18:24:32 +08:00
options vim-patch:9.0.2035: [security] use-after-free with wildmenu (#25687) 2023-10-17 22:43:42 +08:00
plugin test: skip failing watch file tests on freebsd (#26110) 2023-11-19 18:37:49 +01:00
provider fix(messages): use "Vimscript" instead of "VimL" #24111 2023-06-22 04:09:14 -07:00
shada fix(shada): update marks when using delmarks! (#24978) 2023-09-03 10:34:09 +08:00
terminal fix(tui): grow termkey's internal buffer for large escape sequences (#26309) 2023-11-30 08:04:33 -06:00
treesitter fix(treesitter): don't invalidate parser when discovering injections 2023-11-27 15:53:26 +01:00
ui perf(column): only invalidate lines affected by added sign 2023-11-29 10:17:15 +00:00
vimscript revert: "memory: Free buffers after freeing variables" (#26356) 2023-12-02 09:55:11 +08:00
example_spec.lua screen.lua: remove screen:_on_event #11488 2019-12-01 01:06:10 -08:00
helpers.lua test: remove the pipe created by new_pipename() (#26173) 2023-11-23 23:05:52 +08:00
preload.lua test: remove unused variable (#21552) 2022-12-29 07:20:42 +08:00