commit 76e6b81b23c59ee119d6cc34eed0ef580f15db07
parent fc954d0a61ca8952bdcd05f66fe07ae2a4ccb712
Author: Sean Dewar <seandewar@users.noreply.github.com>
Date: Fri, 8 Oct 2021 20:44:58 +0100
vim-patch:8.2.3487: illegal memory access if buffer name is very long
Problem: Illegal memory access if buffer name is very long.
Solution: Make sure not to go over the end of the buffer.
https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
Adjust the test to use :noswapfile, as Nvim fails to create the swap file on Windows due to the file
name's length (E303).
We don't have this behaviour on Linux as we get "[Permission denied]" from readfile(), so there is
no attempt to create the swap file. However, Vim doesn't try to create the swap file on Windows
either for a different reason: MAXPATHL in Vim for Windows is only 1024 (compared to Nvim's 4096 on
the Windows CI), so readfile() gives "Illegal file name" instead, thus not needing :noswapfile for
both cases.
Diffstat:
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/nvim/screen.c b/src/nvim/screen.c
@@ -5173,19 +5173,19 @@ static void win_redr_status(win_T *wp)
*(p + len++) = ' ';
}
if (bt_help(wp->w_buffer)) {
- STRCPY(p + len, _("[Help]"));
+ snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
len += (int)STRLEN(p + len);
}
if (wp->w_p_pvw) {
- STRCPY(p + len, _("[Preview]"));
+ snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
len += (int)STRLEN(p + len);
}
if (bufIsChanged(wp->w_buffer)) {
- STRCPY(p + len, "[+]");
- len += 3;
+ snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
+ len += (int)STRLEN(p + len);
}
if (wp->w_buffer->b_p_ro) {
- STRCPY(p + len, _("[RO]"));
+ snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
// len += (int)STRLEN(p + len); // dead assignment
}
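Review bot: The size argument `MAXPATHL - len` in the four snprintf calls is a signed int converted to size_t, so the bound only holds while `len < MAXPATHL`. If len reached MAXPATHL the size would be zero and nothing, not even a terminator, would be written; past it the value wraps to a very large size. In either case the following `len += (int)STRLEN(p + len);` would scan from an unterminated position. Whatever limits len before the space is appended at `*(p + len++) = ' ';` lies above this hunk, so the invariant cannot be confirmed from here; stating it where it is relied on, for example `assert(len < MAXPATHL);` ahead of the first snprintf, would make the dependency explicit. Keeping STRLEN rather than snprintf's return value is correct, since the return value reports the untruncated length and would push len past the buffer on truncation.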
diff --git a/src/nvim/testdir/test_statusline.vim b/src/nvim/testdir/test_statusline.vim
@@ -523,4 +523,16 @@ func Test_statusline_mbyte_fillchar()
%bw!
endfunc
+" Used to write beyond allocated memory. This assumes MAXPATHL is 4096 bytes.
+func Test_statusline_verylong_filename()
+ let fname = repeat('x', 4090)
+ " Nvim's swap file creation fails on Windows (E303) due to fname's length
+ " exe "new " .. fname
+ exe "noswapfile new " .. fname
+ set buftype=help
+ set previewwindow
+ redraw
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
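Review bot: Test_statusline_verylong_filename contains no assert call, so it can only fail if the process crashes or the run is instrumented with a memory checker; a plain run passes with or without the fix. A comment saying so would stop later readers from treating the test as ineffective, e.g. `" No assertion: relies on a sanitizer/valgrind run to flag the out-of-bounds write.` The length 4090 is tied to MAXPATHL being 4096, and the commit description notes that other values exist, so on such builds the boundary is probably not reached. Adding `set readonly` before `redraw` would also exercise the `[RO]` branch, which the test currently leaves uncovered.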