averello/vim-mirror
1
0
Fork 0
mirror of https://github.com/vim/vim.git synced 2026-05-28 00:21:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

patch 9.2.0293: :packadd may lead to heap-buffer-overflow

Browse Source 
Problem:  :packadd may lead to heap-buffer-overflow when all entries in
          'runtimepath' have the same length (after 9.2.0291).
Solution: Check for comma after current entry properly (zeertzjq).

related: #19854
closes:  #19911

Signed-off-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
zeertzjq
2026-04-04 08:32:33 +00:00
committed by Christian Brabandt
parent a9d01da661
commit bc182ae56e
3 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/scriptfile.c
+1 -1
View File
@@ -885,7 +885,7 @@ add_pack_dir_to_rtp(char_u *fname)
buf.length = (size_t)copy_option_part(&entry, buf.string, MAXPATHL, ",");
// keep track of p_rtp length as we go to make the STRLEN() below have less work to do
p_rtp_len += (*(p_rtp + buf.length) == ',') ? buf.length + 1 : buf.length;
p_rtp_len += (*(cur_entry + buf.length) == ',') ? buf.length + 1 : buf.length;
if ((p = (char_u *)strstr((char *)buf.string, "after")) != NULL
&& p > buf.string