To: vim_dev@googlegroups.com Subject: Patch 8.0.0493 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.0.0493 Problem: Crash with cd command with very long argument. Solution: Check for running out of space. (Dominique pending, closes #1576) Files: src/testdir/test_alot.vim, src/testdir/test_cd.vim, src/Makefile, src/misc2.c *** ../vim-8.0.0492/src/testdir/test_alot.vim 2017-03-19 16:09:41.157653918 +0100 --- src/testdir/test_alot.vim 2017-03-19 21:28:46.113515367 +0100 *************** *** 3,8 **** --- 3,9 ---- set belloff=all source test_assign.vim + source test_cd.vim source test_changedtick.vim source test_cursor_func.vim source test_delete.vim *** ../vim-8.0.0492/src/testdir/test_cd.vim 2017-03-19 21:35:57.194342899 +0100 --- src/testdir/test_cd.vim 2017-03-19 21:32:54.723687379 +0100 *************** *** 0 **** --- 1,13 ---- + " Test for :cd + + func Test_cd_large_path() + " This used to crash with a heap write overflow. + call assert_fails('cd ' . repeat('x', 5000), 'E472:') + endfunc + + func Test_cd_up_and_down() + let path = getcwd() + cd .. + exe 'cd ' . path + call assert_equal(path, getcwd()) + endfunc *** ../vim-8.0.0492/src/Makefile 2017-03-19 20:04:05.534628090 +0100 --- src/Makefile 2017-03-19 21:30:40.968673319 +0100 *************** *** 2096,2101 **** --- 2095,2101 ---- test_backspace_opt \ test_breakindent \ test_bufwintabinfo \ + test_cd \ test_cdo \ test_changedtick \ test_channel \ *** ../vim-8.0.0492/src/misc2.c 2017-03-16 19:58:19.420253384 +0100 --- src/misc2.c 2017-03-19 21:31:13.644432427 +0100 *************** *** 4637,4649 **** if (!vim_isAbsName(stackp->ffs_fix_path) && search_ctx->ffsc_start_dir) { ! STRCPY(file_path, search_ctx->ffsc_start_dir); ! add_pathsep(file_path); } /* append the fix part of the search path */ ! STRCAT(file_path, stackp->ffs_fix_path); ! 
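Review bot: `Test_cd_large_path` hard-codes 5000 as the argument length, and it only reaches the new length checks while that value exceeds the build's MAXPATHL; nothing in the test records that dependency. A comment such as `" 5000 must be larger than MAXPATHL so the path cannot fit the buffer` above the `assert_fails` line would keep the regression test from silently becoming a no-op on a platform with a larger limit. The test asserts only that E472 is reported, so catching a recurrence of the heap write overflow itself would presumably depend on running the suite under a memory checker.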
add_pathsep(file_path); #ifdef FEAT_PATH_EXTRA rest_of_wildcards = stackp->ffs_wc_path; --- 4637,4659 ---- if (!vim_isAbsName(stackp->ffs_fix_path) && search_ctx->ffsc_start_dir) { ! if (STRLEN(search_ctx->ffsc_start_dir) + 1 < MAXPATHL) ! { ! STRCPY(file_path, search_ctx->ffsc_start_dir); ! add_pathsep(file_path); ! } ! else ! goto fail; } /* append the fix part of the search path */ ! if (STRLEN(file_path) + STRLEN(stackp->ffs_fix_path) + 1 < MAXPATHL) ! { ! STRCAT(file_path, stackp->ffs_fix_path); ! add_pathsep(file_path); ! } ! else ! goto fail; #ifdef FEAT_PATH_EXTRA rest_of_wildcards = stackp->ffs_wc_path; *************** *** 4660,4666 **** if (*p > 0) { (*p)--; ! file_path[len++] = '*'; } if (*p == 0) --- 4670,4679 ---- if (*p > 0) { (*p)--; ! if (len + 1 < MAXPATHL) ! file_path[len++] = '*'; ! else ! goto fail; } if (*p == 0) *************** *** 4688,4694 **** */ while (*rest_of_wildcards && !vim_ispathsep(*rest_of_wildcards)) ! file_path[len++] = *rest_of_wildcards++; file_path[len] = NUL; if (vim_ispathsep(*rest_of_wildcards)) --- 4701,4710 ---- */ while (*rest_of_wildcards && !vim_ispathsep(*rest_of_wildcards)) ! if (len + 1 < MAXPATHL) ! file_path[len++] = *rest_of_wildcards++; ! else ! goto fail; file_path[len] = NUL; if (vim_ispathsep(*rest_of_wildcards)) *************** *** 4749,4757 **** /* prepare the filename to be checked for existence * below */ ! STRCPY(file_path, stackp->ffs_filearray[i]); ! add_pathsep(file_path); ! STRCAT(file_path, search_ctx->ffsc_file_to_search); /* * Try without extra suffix and then with suffixes --- 4765,4779 ---- /* prepare the filename to be checked for existence * below */ ! if (STRLEN(stackp->ffs_filearray[i]) + 1 ! + STRLEN(search_ctx->ffsc_file_to_search) < MAXPATHL) ! { ! STRCPY(file_path, stackp->ffs_filearray[i]); ! add_pathsep(file_path); ! STRCAT(file_path, search_ctx->ffsc_file_to_search); ! } ! else ! 
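Review bot: The guards added at new lines 4637-4659 compare against MAXPATHL, but the buffer behind `file_path` is sized where it is allocated, outside the hunk, so they are only correct if that allocation is MAXPATHL bytes; the arithmetic is also left unexplained. I would add a comment above the first guard, `/* "+ 1" is the separator add_pathsep() may append; "<" keeps room for the NUL */`, and state the MAXPATHL assumption there. The second guard calls `STRLEN(file_path)` even when the first branch is skipped, so it relies on `file_path` already being NUL-terminated at that point, which is also set up outside the hunk. The same length arithmetic recurs in the hunks at new lines 4765-4779 and 4946-4960.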
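Review bot: The `while` in the hunk at new lines 4701-4710 now has an unbraced `if`/`else` as its body, which is easy to misread and fragile under later edits because `file_path[len] = NUL;` follows it directly. Bracing the loop and inverting the test reads more safely: `{ if (len + 1 >= MAXPATHL) goto fail; file_path[len++] = *rest_of_wildcards++; }`. The bound itself looks right, since `len + 1 < MAXPATHL` leaves a slot for the NUL written after the loop, assuming `file_path` holds MAXPATHL bytes (its allocation is outside the hunk).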
goto fail; /* * Try without extra suffix and then with suffixes *************** *** 4924,4932 **** if (*search_ctx->ffsc_start_dir == 0) break; ! STRCPY(file_path, search_ctx->ffsc_start_dir); ! add_pathsep(file_path); ! STRCAT(file_path, search_ctx->ffsc_fix_path); /* create a new stack entry */ sptr = ff_create_stack_element(file_path, --- 4946,4960 ---- if (*search_ctx->ffsc_start_dir == 0) break; ! if (STRLEN(search_ctx->ffsc_start_dir) + 1 ! + STRLEN(search_ctx->ffsc_fix_path) < MAXPATHL) ! { ! STRCPY(file_path, search_ctx->ffsc_start_dir); ! add_pathsep(file_path); ! STRCAT(file_path, search_ctx->ffsc_fix_path); ! } ! else ! goto fail; /* create a new stack entry */ sptr = ff_create_stack_element(file_path, *************** *** 4940,4945 **** --- 4968,4974 ---- } #endif + fail: vim_free(file_path); return NULL; } *** ../vim-8.0.0492/src/version.c 2017-03-19 21:20:45.893034321 +0100 --- src/version.c 2017-03-19 21:36:06.614273508 +0100 *************** *** 766,767 **** --- 766,769 ---- { /* Add new patch number below this line */ + /**/ + 493, /**/ -- Apathy Error: Don't bother striking any key. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
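Review bot: The `fail:` label added at new lines 4968-4974 sits directly before `vim_free(file_path); return NULL;`, so every `goto fail` in the earlier hunks leaves with only `file_path` released. The jumps at new lines 4637-4659, 4670-4679, 4701-4710 and 4765-4779 happen while `stackp` (and in the last case `stackp->ffs_filearray[i]`) is in use; if the function owns that stack element at those points, which cannot be seen from the hunks, it is not freed on the overflow path. I would release it before jumping, or at least document the contract at the label, e.g. `/* fail: only file_path is freed here; release stackp before jumping */`. Because the normal fall-through reaches the same `return NULL`, a too-long path is also indistinguishable from "nothing found" for the caller.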