To: vim_dev@googlegroups.com
Subject: Patch 7.3.648
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 7.3.648
Problem:    Crash when using a very long file name. (ZyX)
Solution:   Properly check length of buffer space.
Files:	    src/buffer.c


*** ../vim-7.3.647/src/buffer.c	2012-07-16 17:31:48.000000000 +0200
--- src/buffer.c	2012-09-05 13:17:38.000000000 +0200
***************
*** 3234,3245 ****
  	{
  	    /* format: "fname + (path) (1 of 2) - VIM" */
  
  	    if (curbuf->b_fname == NULL)
! 		vim_strncpy(buf, (char_u *)_("[No Name]"), IOSIZE - 100);
  	    else
  	    {
  		p = transstr(gettail(curbuf->b_fname));
! 		vim_strncpy(buf, p, IOSIZE - 100);
  		vim_free(p);
  	    }
  
--- 3234,3248 ----
  	{
  	    /* format: "fname + (path) (1 of 2) - VIM" */
  
+ #define SPACE_FOR_FNAME (IOSIZE - 100)
+ #define SPACE_FOR_DIR   (IOSIZE - 20)
+ #define SPACE_FOR_ARGNR (IOSIZE - 10)  /* at least room for " - VIM" */
  	    if (curbuf->b_fname == NULL)
! 		vim_strncpy(buf, (char_u *)_("[No Name]"), SPACE_FOR_FNAME);
  	    else
  	    {
  		p = transstr(gettail(curbuf->b_fname));
! 		vim_strncpy(buf, p, SPACE_FOR_FNAME);
  		vim_free(p);
  	    }
  
***************
*** 3263,3269 ****
  		buf[off++] = ' ';
  		buf[off++] = '(';
  		home_replace(curbuf, curbuf->b_ffname,
! 					       buf + off, IOSIZE - off, TRUE);
  #ifdef BACKSLASH_IN_FILENAME
  		/* avoid "c:/name" to be reduced to "c" */
  		if (isalpha(buf[off]) && buf[off + 1] == ':')
--- 3266,3272 ----
  		buf[off++] = ' ';
  		buf[off++] = '(';
  		home_replace(curbuf, curbuf->b_ffname,
! 					buf + off, SPACE_FOR_DIR - off, TRUE);
  #ifdef BACKSLASH_IN_FILENAME
  		/* avoid "c:/name" to be reduced to "c" */
  		if (isalpha(buf[off]) && buf[off + 1] == ':')
***************
*** 3274,3291 ****
  		if (p == buf + off)
  		    /* must be a help buffer */
  		    vim_strncpy(buf + off, (char_u *)_("help"),
! 						  (size_t)(IOSIZE - off - 1));
  		else
  		    *p = NUL;
  
! 		/* translate unprintable chars */
! 		p = transstr(buf + off);
! 		vim_strncpy(buf + off, p, (size_t)(IOSIZE - off - 1));
! 		vim_free(p);
  		STRCAT(buf, ")");
  	    }
  
! 	    append_arg_number(curwin, buf, IOSIZE, FALSE);
  
  #if defined(FEAT_CLIENTSERVER)
  	    if (serverName != NULL)
--- 3277,3304 ----
  		if (p == buf + off)
  		    /* must be a help buffer */
  		    vim_strncpy(buf + off, (char_u *)_("help"),
! 					   (size_t)(SPACE_FOR_DIR - off - 1));
  		else
  		    *p = NUL;
  
! 		/* Translate unprintable chars and concatenate.  Keep some
! 		 * room for the server name.  When there is no room (very long
! 		 * file name) use (...). */
! 		if (off < SPACE_FOR_DIR)
! 		{
! 		    p = transstr(buf + off);
! 		    vim_strncpy(buf + off, p, (size_t)(SPACE_FOR_DIR - off));
! 		    vim_free(p);
! 		}
! 		else
! 		{
! 		    vim_strncpy(buf + off, (char_u *)"...",
! 					     (size_t)(SPACE_FOR_ARGNR - off));
! 		}
  		STRCAT(buf, ")");
  	    }
  
! 	    append_arg_number(curwin, buf, SPACE_FOR_ARGNR, FALSE);
  
  #if defined(FEAT_CLIENTSERVER)
  	    if (serverName != NULL)
*** ../vim-7.3.647/src/version.c	2012-09-05 12:16:40.000000000 +0200
--- src/version.c	2012-09-05 13:29:53.000000000 +0200
***************
*** 721,722 ****
--- 721,724 ----
  {   /* Add new patch number below this line */
+ /**/
+     648,
  /**/

-- 
Q: How does a UNIX Guru do Sex ?
A: unzip;strip;touch;finger;mount;fsck;more;yes;umount;sleep

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///