43 lines
1.2 KiB
Diff
43 lines
1.2 KiB
Diff
diff --git a/src/structs.h b/src/structs.h
|
|
index 75ad127..d6763ab 100644
|
|
--- a/src/structs.h
|
|
+++ b/src/structs.h
|
|
@@ -4422,3 +4422,6 @@ typedef struct {
|
|
char wt_variable; // "variable" when TRUE, "argument" otherwise
|
|
} where_T;
|
|
|
|
+// Return the length of a string literal
|
|
+#define STRLEN_LITERAL(s) (sizeof(s) - 1)
|
|
+
|
|
diff --git a/src/tag.c b/src/tag.c
|
|
index 37ed66c..c305f25 100644
|
|
--- a/src/tag.c
|
|
+++ b/src/tag.c
|
|
@@ -2912,7 +2912,7 @@ get_tagfname(
|
|
if (tnp->tn_hf_idx > tag_fnames.ga_len || *p_hf == NUL)
|
|
return FAIL;
|
|
++tnp->tn_hf_idx;
|
|
- STRCPY(buf, p_hf);
|
|
+ vim_strncpy(buf, p_hf, MAXPATHL - 1);
|
|
STRCPY(gettail(buf), "tags");
|
|
#ifdef BACKSLASH_IN_FILENAME
|
|
slash_adjust(buf);
|
|
diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
|
|
index c8ff5b8..6a45194 100644
|
|
--- a/src/testdir/test_help.vim
|
|
+++ b/src/testdir/test_help.vim
|
|
@@ -131,5 +131,13 @@ func Test_help_long_argument()
|
|
endtry
|
|
endfunc
|
|
|
|
+" This caused a buffer overflow
|
|
+func Test_helpfile_overflow()
|
|
+ let _helpfile = &helpfile
|
|
+ let &helpfile = repeat('A', 5000)
|
|
+ help
|
|
+ helpclose
|
|
+ let &helpfile = _helpfile
|
|
+endfunc
|
|
|
|
" vim: shiftwidth=2 sts=2 expandtab
|