To: vim_dev@googlegroups.com Subject: Patch 9.0.1458 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.1458 Problem: Buffer overflow when expanding long file name. Solution: Use a larger buffer and avoid overflowing it. (Yee Cheng Chin, closes #12201) Files: src/filepath.c *** ../vim-9.0.1457/src/filepath.c 2023-03-11 13:55:49.187639725 +0000 --- src/filepath.c 2023-04-16 20:12:40.785992559 +0100 *************** *** 938,946 **** static void findfilendir( ! typval_T *argvars UNUSED, typval_T *rettv, ! int find_what UNUSED) { char_u *fname; char_u *fresult = NULL; --- 938,946 ---- static void findfilendir( ! typval_T *argvars, typval_T *rettv, ! int find_what) { char_u *fname; char_u *fresult = NULL; *************** *** 3685,3691 **** int didstar) // expanded "**" once already { char_u *buf; - size_t buflen; char_u *path_end; char_u *p, *s, *e; int start_len = gap->ga_len; --- 3685,3690 ---- *************** *** 3708,3715 **** return 0; } ! // make room for file name ! buflen = STRLEN(path) + BASENAMELEN + 5; buf = alloc(buflen); if (buf == NULL) return 0; --- 3707,3714 ---- return 0; } ! // make room for file name (a bit too much to stay on the safe side) ! size_t buflen = STRLEN(path) + MAXPATHL; buf = alloc(buflen); if (buf == NULL) return 0; *************** *** 3828,3834 **** || ((flags & EW_NOTWILD) && fnamencmp(path + (s - buf), dp->d_name, e - s) == 0))) { ! STRCPY(s, dp->d_name); len = STRLEN(buf); if (starstar && stardepth < 100) --- 3827,3833 ---- || ((flags & EW_NOTWILD) && fnamencmp(path + (s - buf), dp->d_name, e - s) == 0))) { ! 
vim_strncpy(s, (char_u *)dp->d_name, buflen - (s - buf) - 1); len = STRLEN(buf); if (starstar && stardepth < 100) *** ../vim-9.0.1457/src/version.c 2023-04-16 17:17:33.052497158 +0100 --- src/version.c 2023-04-16 20:08:12.866500293 +0100 *************** *** 697,698 **** --- 697,700 ---- { /* Add new patch number below this line */ + /**/ + 1458, /**/ -- BEDEVERE: How do you know so much about swallows? ARTHUR: Well you have to know these things when you're a king, you know. "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
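Review bot: The bounded `vim_strncpy(s, (char_u *)dp->d_name, buflen - (s - buf) - 1)` keeps the write inside `buf`, but it truncates an over-long `dp->d_name` silently, so `len = STRLEN(buf)` and the code after it would work on a path that names no real directory entry. Skipping the entry is safer than truncating it, e.g. `if (STRLEN(dp->d_name) >= buflen - (s - buf)) continue;` before the copy, assuming this sits in the directory-read loop, which starts outside the hunk. The hunk ends at `if (starstar && stardepth < 100)`, so any later append at `buf + len` is not visible here and should be checked against `buflen` as well. In the allocation hunk, the comment `a bit too much to stay on the safe side` would help more if it stated what the size must cover, along the lines of `// room for path plus one directory entry name (at most MAXPATHL); writes into buf must stay below buflen`.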