diff --git a/7.1.011 b/7.1.011 new file mode 100644 index 0000000..6322cb1 --- /dev/null +++ b/7.1.011 @@ -0,0 +1,58 @@ +To: vim-dev@vim.org +Subject: patch 7.1.011 +Fcc: outbox +From: Bram Moolenaar +Mime-Version: 1.0 +Content-Type: text/plain; charset=ISO-8859-1 +Content-Transfer-Encoding: 8bit +------------ + +Patch 7.1.011 +Problem: Possible buffer overflow when $VIMRUNTIME is very long. (Victor + Stinner) +Solution: Use vim_snprintf(). +Files: src/main.c + + +*** ../vim-7.1.010/src/main.c Thu May 10 21:12:25 2007 +--- src/main.c Sat Jun 9 22:37:46 2007 +*************** +*** 1360,1367 **** + p = vim_getenv((char_u *)"VIMRUNTIME", &mustfree); + if (p != NULL && *p != NUL) + { +! STRCPY(NameBuff, p); +! STRCAT(NameBuff, "/lang"); + bindtextdomain(VIMPACKAGE, (char *)NameBuff); + } + if (mustfree) +--- 1360,1366 ---- + p = vim_getenv((char_u *)"VIMRUNTIME", &mustfree); + if (p != NULL && *p != NUL) + { +! vim_snprintf((char *)NameBuff, MAXPATHL, "%s/lang", p); + bindtextdomain(VIMPACKAGE, (char *)NameBuff); + } + if (mustfree) +*** ../vim-7.1.010/src/version.c Tue Jun 19 18:07:52 2007 +--- src/version.c Tue Jun 19 20:29:44 2007 +*************** +*** 668,669 **** +--- 668,671 ---- + { /* Add new patch number below this line */ ++ /**/ ++ 11, + /**/ + +-- + GALAHAD hurries to the door and pushes through it. As he leaves the room + we CUT TO the reverse to show that he is now in a room full of bathing + and romping GIRLIES, all innocent, wide-eyed and beautiful. They smile + enchantingly at him as he tries to keep walking without being diverted by + the lovely sights assaulting his eyeballs. + "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD + + /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ +/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ +\\\ download, build and distribute -- http://www.A-A-P.org /// + \\\ help me help AIDS victims -- http://ICCF-Holland.org ///