commit 73157c994db42ab1857396531d4a09f460052c61
parent 9cbc430cfb9284d824b316a508b278c6339ad4ef
Author: zeertzjq <zeertzjq@outlook.com>
Date: Sat, 14 Feb 2026 09:03:52 +0800
fix(messages): heap-buffer-overflow with shell command (#37855)
Problem: heap-buffer-overflow when showing output of a shell command.
Solution: Use xmemrchr() instead of strrchr().
Ref: https://github.com/neovim/neovim/pull/37831#issuecomment-3900149476
Diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nvim/message.c b/src/nvim/message.c
@@ -2354,7 +2354,7 @@ static void msg_puts_display(const char *str, int maxlen, int hl_id, int recurse
ga_concat_len(&msg_ext_last_chunk, str, len);
// Find last newline in the message and calculate the current message column
- const char *lastline = strrchr(str, '\n');
+ const char *lastline = xmemrchr(str, '\n', len);
maxlen -= (int)(lastline ? (lastline - str) : 0);
const char *p = lastline ? lastline + 1 : str;
int col = (int)(maxlen < 0 ? mb_string2cells(p) : mb_string2cells_len(p, (size_t)(maxlen)));
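Review bot: The size passed to `mb_string2cells_len()` on the last line looks one byte too large when a newline is found, because `maxlen` is reduced by `lastline - str` while `p` starts at `lastline + 1`. With a non-negative `maxlen` and the newline as the last counted byte, the call would get a size of 1 for a pointer already at the end of the bounded region. Whether that can read past the buffer depends on `mb_string2cells_len()` stopping at a NUL and on how `len` relates to `maxlen`, neither of which is visible in this hunk. Consider `maxlen -= (int)(lastline ? (lastline + 1 - str) : 0);`, after checking any later uses of `maxlen`, since the body of `msg_puts_display` continues outside the hunk.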