commit ad5bced63798b99d3e423414ac3ca3ebdc02cbc2
parent f1422a313fa57c8c7045163aa209a9fd9166fe5a
Author: zeertzjq <zeertzjq@outlook.com>
Date: Sat, 15 Mar 2025 08:14:31 +0800
vim-patch:8.2.4963: expanding path with "/**" may overrun end of buffer
Problem: Expanding path with "/**" may overrun end of buffer.
Solution: Use vim_snprintf().
https://github.com/vim/vim/commit/386c24cd262edac66a31add2fd989c96c4c2c952
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Diffstat:
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/nvim/path.c b/src/nvim/path.c
@@ -627,7 +627,8 @@ static size_t do_path_expand(garray_T *gap, const char *path, size_t wildoff, in
// Make room for file name. When doing encoding conversion the actual
// length may be quite a bit longer, thus use the maximum possible length.
- char *buf = xmalloc(MAXPATHL);
+ const size_t buflen = MAXPATHL;
+ char *buf = xmalloc(buflen);
// Find the first part in the path name that contains a wildcard.
// When EW_ICASE is set every letter is considered to be a wildcard.
@@ -745,14 +746,13 @@ static size_t do_path_expand(garray_T *gap, const char *path, size_t wildoff, in
if (starstar && stardepth < 100) {
// For "**" in the pattern first go deeper in the tree to
// find matches.
- STRCPY(buf + len, "/**"); // NOLINT
- STRCPY(buf + len + 3, path_end);
+ vim_snprintf(buf + len, buflen - len, "/**%s", path_end); // NOLINT
stardepth++;
do_path_expand(gap, buf, len + 1, flags, true);
stardepth--;
}
- STRCPY(buf + len, path_end);
+ vim_snprintf(buf + len, buflen - len, "%s", path_end);
if (path_has_exp_wildcard(path_end)) { // handle more wildcards
// need to expand another component of the path
// remove backslashes for the remaining components only
