neovim

mirror of https://github.com/neovim/neovim.git synced 2024-12-20 03:05:11 -07:00

History

zeertzjq 9cc346119b vim-patch:9.0.2142: [security]: stack-buffer-overflow in option callback functions Problem: [security]: stack-buffer-overflow in option callback functions Solution: pass size of errbuf down the call stack, use snprintf() instead of sprintf() We pass the error buffer down to the option callback functions, but in some parts of the code, we simply use sprintf(buf) to write into the error buffer, which can overflow. So let's pass down the length of the error buffer and use sprintf(buf, size) instead. Reported by @henices, thanks! `b39b240c38` Co-authored-by: Christian Brabandt <cb@256bit.org>	2023-12-02 10:41:31 +08:00
..
testdir	vim-patch:9.0.2142: [security]: stack-buffer-overflow in option callback functions	2023-12-02 10:41:31 +08:00
memfile_test.c	build: remove PVS	2023-11-12 21:26:39 +01:00

zeertzjq 9cc346119b vim-patch:9.0.2142: [security]: stack-buffer-overflow in option callback functions

Problem:  [security]: stack-buffer-overflow in option callback functions
Solution: pass size of errbuf down the call stack, use snprintf()
          instead of sprintf()

We pass the error buffer down to the option callback functions, but in
some parts of the code, we simply use sprintf(buf) to write into the error
buffer, which can overflow.

So let's pass down the length of the error buffer and use sprintf(buf, size)
instead.

Reported by @henices, thanks!

b39b240c38

Co-authored-by: Christian Brabandt <cb@256bit.org>

2023-12-02 10:41:31 +08:00

testdir vim-patch:9.0.2142: [security]: stack-buffer-overflow in option callback functions 2023-12-02 10:41:31 +08:00

memfile_test.c build: remove PVS 2023-11-12 21:26:39 +01:00