ccfilter: uses unbounded strcat()/strcpy()

Problem:  ccfilter.c copies compiler output into fixed-size buffers
          with strcat() and strcpy(), so very long diagnostics can
          overflow.
Solution: replace with snprintf() bounded by LINELENGTH.

Automated security fix generated by Orbis Security AI

closes: #20233

Signed-off-by: orbisai0security <mediratta01.pally@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
orbisai0security
2026-05-17 08:19:14 +00:00
committed by Christian Brabandt
parent 8ae45e4202
commit 403ba303b9
+7 -6
@@ -249,14 +249,15 @@ int main( int argc, char *argv[] )
stay = (echogets(Line2, echo) != NULL);
while ( stay && (Line2[0] == '|') )
{ for (p=&Line2[2]; (*p) && (isspace((unsigned char)*p)); p++);
strcat( Reason, ": " );
strcat( Reason, p );
{ size_t n;
for (p=&Line2[2]; (*p) && (isspace((unsigned char)*p)); p++);
n = strlen(Reason);
snprintf( Reason + n, LINELENGTH - n, ": %s", p );
Line2[0] = 0;
stay = (echogets(Line2, echo) != NULL);
}
prefetch = 1;
strcpy( Line, Line2 );
snprintf( Line, LINELENGTH, "%s", Line2 );
break;
case COMPILER_IRIX:
Col = 1;
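Review bot: `LINELENGTH - n` on the snprintf line following `n = strlen(Reason);` wraps to a huge size_t if n is ever >= LINELENGTH, which would turn the newly bounded write back into an unbounded one; the second hunk has the same pattern with `strlen(Line)`. That cannot happen while Reason and Line are `char[LINELENGTH]` arrays that are always NUL-terminated, but their declarations are not visible in these hunks, so the bound is only as safe as that assumption; a cheap guard is `if (n < LINELENGTH) snprintf( Reason + n, LINELENGTH - n, ": %s", p );` (and the same at the Line site). snprintf also truncates silently, so an over-long diagnostic now loses its tail instead of crashing, which is presumably the intended trade-off but deserves a comment such as `/* truncate rather than overflow; Reason is LINELENGTH bytes */`. The first hunk declares `n` and assigns it later while the second initializes it at the declaration (`size_t n = strlen(Line);`); using one form at both sites keeps them consistent. The enclosing main() starts and ends outside both hunks.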
@@ -291,8 +292,8 @@ int main( int argc, char *argv[] )
prefetch = 0;
}
else
{ strcat( Line, "\n" );
strcat( Line, Line2 );
{ size_t n = strlen(Line);
snprintf( Line + n, LINELENGTH - n, "\n%s", Line2 );
}
}
}