Blob Blame History Raw
To: vim-dev@vim.org
Subject: patch 7.1.011
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------

Patch 7.1.011
Problem:    Possible buffer overflow when $VIMRUNTIME is very long. (Victor
	    Stinner)
Solution:   Use vim_snprintf().
Files:	    src/main.c


*** ../vim-7.1.010/src/main.c	Thu May 10 21:12:25 2007
--- src/main.c	Sat Jun  9 22:37:46 2007
***************
*** 1360,1367 ****
  	p = vim_getenv((char_u *)"VIMRUNTIME", &mustfree);
  	if (p != NULL && *p != NUL)
  	{
! 	    STRCPY(NameBuff, p);
! 	    STRCAT(NameBuff, "/lang");
  	    bindtextdomain(VIMPACKAGE, (char *)NameBuff);
  	}
  	if (mustfree)
--- 1360,1366 ----
  	p = vim_getenv((char_u *)"VIMRUNTIME", &mustfree);
  	if (p != NULL && *p != NUL)
  	{
! 	    vim_snprintf((char *)NameBuff, MAXPATHL, "%s/lang", p);
  	    bindtextdomain(VIMPACKAGE, (char *)NameBuff);
  	}
  	if (mustfree)
*** ../vim-7.1.010/src/version.c	Tue Jun 19 18:07:52 2007
--- src/version.c	Tue Jun 19 20:29:44 2007
***************
*** 668,669 ****
--- 668,671 ----
  {   /* Add new patch number below this line */
+ /**/
+     11,
  /**/

-- 
   GALAHAD hurries to the door and pushes through it.  As he leaves the room
   we CUT TO the reverse to show that he is now in a room full of bathing
   and romping GIRLIES, all innocent, wide-eyed and beautiful.  They smile
   enchantingly at him as he tries to keep walking without being diverted by
   the lovely sights assaulting his eyeballs.
                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///