From c920d9344368a1506be0bbff116ff9d4cd96476f Mon Sep 17 00:00:00 2001
From: Foxe Chen <chen.foxe@gmail.com>
Date: Sun, 17 May 2026 20:42:20 +0000
Subject: [PATCH] patch 9.2.0498: potential heap buffer overflow in
 if_xcmdsrv.c

Problem:  potential heap buffer overflow in if_xcmdsrv.c
          server_parse_message() (Michael Bommarito)
Solution: Add strlen() call (Foxe Chen)

fixes:  #20235
closes: #20236

Signed-off-by: Foxe Chen <chen.foxe@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
 src/if_xcmdsrv.c | 2 +-
 src/version.c    | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/if_xcmdsrv.c b/src/if_xcmdsrv.c
index 070e0db099..43e1e34070 100644
--- a/src/if_xcmdsrv.c
+++ b/src/if_xcmdsrv.c
@@ -1333,7 +1333,7 @@ server_parse_message(
 
 			// Initialize the result property.
 			ga_init2(&reply, 1, 100);
-			(void)ga_grow(&reply, 50 + STRLEN(p_enc));
+			(void)ga_grow(&reply, 50 + STRLEN(p_enc) + STRLEN(serial));
 			sprintf(reply.ga_data, "%cr%c-E %s%c-s %s%c-r ",
 						   0, 0, p_enc, 0, serial, 0);
 			reply.ga_len = 14 + STRLEN(p_enc) + STRLEN(serial);
diff --git a/src/version.c b/src/version.c
index 2eaaa45624..f348ffc9ef 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    498,
 /**/
     497,
 /**/