patch 8.0.0530: buffer overflow when 'columns' is very big

Problem: Buffer overflow when 'columns' is very big. (Nikolai Pavlov) Solution: Correctly compute where to truncate. Fix translation. (closes #1600)
vim · Mar 31, 2017 · 658a3a2 · 658a3a2
1 parent 13489b9
commit 658a3a2
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 10 deletions.
diff --git a/src/edit.c b/src/edit.c
@@ -4756,7 +4756,6 @@ ins_compl_next(
     int	    in_compl_func)	/* called from complete_check() */
 {
     int	    num_matches = -1;
-    int	    i;
     int	    todo = count;
     compl_T *found_compl = NULL;
     int	    found_end = FALSE;
@@ -4948,15 +4947,30 @@ ins_compl_next(
      */
     if (compl_shown_match->cp_fname != NULL)
     {
-	STRCPY(IObuff, "match in file ");
+	char	*lead = _("match in file");
-	i = (vim_strsize(compl_shown_match->cp_fname) + 16) - sc_col;
+	int	space = sc_col - vim_strsize((char_u *)lead) - 2;
-	if (i <= 0)
+	char_u	*s;
-	    i = 0;
+	char_u	*e;
-	else
+
-	    STRCAT(IObuff, "<");
+	if (space > 0)
-	STRCAT(IObuff, compl_shown_match->cp_fname + i);
+	{
-	msg(IObuff);
+	    /* We need the tail that fits.  With double-byte encoding going
-	redraw_cmdline = FALSE;	    /* don't overwrite! */
+	     * back from the end is very slow, thus go from the start and keep
+	     * the text that fits in "space" between "s" and "e". */
+	    for (s = e = compl_shown_match->cp_fname; *e != NUL; MB_PTR_ADV(e))
+	    {
+		space -= ptr2cells(e);
+		while (space < 0)
+		{
+		    space += ptr2cells(s);
+		    MB_PTR_ADV(s);
+		}
+	    }
+	    vim_snprintf((char *)IObuff, IOSIZE, "%s %s%s", lead,
+				s > compl_shown_match->cp_fname ? "<" : "", s);
+	    msg(IObuff);
+	    redraw_cmdline = FALSE;	    /* don't overwrite! */
+	}
     }
 
     return num_matches;

diff --git a/src/testdir/test_edit.vim b/src/testdir/test_edit.vim
@@ -1322,3 +1322,24 @@ func! Test_edit_rightleft()
   set norightleft
   bw!
 endfunc
+
+func Test_edit_complete_very_long_name()
+  let save_columns = &columns
+  set columns=5000
+  call assert_equal(5000, &columns)
+  set noswapfile
+  let dirname = getcwd() . "/Xdir"
+  let longdirname = dirname . repeat('/' . repeat('d', 255), 4)
+  let longfilename = longdirname . '/' . repeat('a', 255)
+  call mkdir(longdirname, 'p')
+  call writefile(['Totum', 'Table'], longfilename)
+  new
+  exe "next Xfile " . longfilename
+  exe "normal iT\<C-N>"
+
+  bwipe!
+  exe 'bwipe! ' . longfilename
+  call delete(dirname, 'rf')
+  let &columns = save_columns
+  set swapfile&
+endfunc
diff --git a/src/version.c b/src/version.c
@@ -764,6 +764,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    530,
 /**/
     529,
 /**/