
patch 8.0.0530: buffer overflow when 'columns' is very big

Problem:    Buffer overflow when 'columns' is very big. (Nikolai Pavlov)
Solution:   Correctly compute where to truncate.  Fix translation.
            (closes #1600)
brammool committed Mar 31, 2017
1 parent 13489b9 commit 658a3a2caf5852d071b6b1be92d9d6614a6208dc
Showing with 47 additions and 10 deletions.
  1. +24 −10 src/edit.c
  2. +21 −0 src/testdir/test_edit.vim
  3. +2 −0 src/version.c
@@ -4756,7 +4756,6 @@ ins_compl_next(
int in_compl_func) /* called from complete_check() */
{
int num_matches = -1;
int i;
int todo = count;
compl_T *found_compl = NULL;
int found_end = FALSE;
@@ -4948,15 +4947,30 @@ ins_compl_next(
*/
if (compl_shown_match->cp_fname != NULL)
{
STRCPY(IObuff, "match in file ");
i = (vim_strsize(compl_shown_match->cp_fname) + 16) - sc_col;
if (i <= 0)
i = 0;
else
STRCAT(IObuff, "<");
STRCAT(IObuff, compl_shown_match->cp_fname + i);
msg(IObuff);
redraw_cmdline = FALSE; /* don't overwrite! */
char *lead = _("match in file");
int space = sc_col - vim_strsize((char_u *)lead) - 2;
char_u *s;
char_u *e;
if (space > 0)
{
/* We need the tail that fits. With double-byte encoding going
* back from the end is very slow, thus go from the start and keep
* the text that fits in "space" between "s" and "e". */
for (s = e = compl_shown_match->cp_fname; *e != NUL; MB_PTR_ADV(e))
{
space -= ptr2cells(e);
while (space < 0)
{
space += ptr2cells(s);
MB_PTR_ADV(s);
}
}
vim_snprintf((char *)IObuff, IOSIZE, "%s %s%s", lead,
s > compl_shown_match->cp_fname ? "<" : "", s);
msg(IObuff);
redraw_cmdline = FALSE; /* don't overwrite! */
}
}
return num_matches;
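Review bot: In the second hunk the cell budget `space` comes from `sc_col` alone and is never limited by the size of `IObuff`, so when 'columns' is large and `cp_fname` is longer than the buffer, `vim_snprintf()` keeps the write in bounds but cuts the name at its end. That drops the tail the comment says should be kept, prints no `<` marker, and may split a multi-byte character. Advancing `s` after the `for` loop until the bytes fit would keep the tail, for example `while ((size_t)(e - s) + STRLEN(lead) + 3 > IOSIZE) MB_PTR_ADV(s);` (assuming `IOSIZE` is the full size of `IObuff`, which is not visible here). A one-line comment that no message is shown when `space <= 0` would also help. `ins_compl_next()` starts before this hunk and its closing brace lies after it.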
@@ -1322,3 +1322,24 @@ func! Test_edit_rightleft()
set norightleft
bw!
endfunc
func Test_edit_complete_very_long_name()
let save_columns = &columns
set columns=5000
call assert_equal(5000, &columns)
set noswapfile
let dirname = getcwd() . "/Xdir"
let longdirname = dirname . repeat('/' . repeat('d', 255), 4)
let longfilename = longdirname . '/' . repeat('a', 255)
call mkdir(longdirname, 'p')
call writefile(['Totum', 'Table'], longfilename)
new
exe "next Xfile " . longfilename
exe "normal iT\<C-N>"
bwipe!
exe 'bwipe! ' . longfilename
call delete(dirname, 'rf')
let &columns = save_columns
set swapfile&
endfunc
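Review bot: Nothing in `Test_edit_complete_very_long_name()` guards against the long path being rejected. If an error is raised part-way through (for instance `mkdir()` or `writefile()` refusing the four 255-character directories), the lines `call delete(dirname, 'rf')`, `let &columns = save_columns` and `set swapfile&` may never run, so later tests could inherit `columns=5000` and a leftover `Xdir`. Putting the body in `try` and those three lines under `finally` would make the cleanup unconditional. The test also asserts nothing about the result beyond not crashing; a check on the completed text or the displayed message would pin the truncation behaviour.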
@@ -764,6 +764,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
530,
/**/
529,
/**/
