To: vim-dev@vim.org Subject: patch 7.1.011 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit ------------ Patch 7.1.011 Problem: Possible buffer overflow when $VIMRUNTIME is very long. (Victor Stinner) Solution: Use vim_snprintf(). Files: src/main.c *** ../vim-7.1.010/src/main.c Thu May 10 21:12:25 2007 --- src/main.c Sat Jun 9 22:37:46 2007 *************** *** 1360,1367 **** p = vim_getenv((char_u *)"VIMRUNTIME", &mustfree); if (p != NULL && *p != NUL) { ! STRCPY(NameBuff, p); ! STRCAT(NameBuff, "/lang"); bindtextdomain(VIMPACKAGE, (char *)NameBuff); } if (mustfree) --- 1360,1366 ---- p = vim_getenv((char_u *)"VIMRUNTIME", &mustfree); if (p != NULL && *p != NUL) { ! vim_snprintf((char *)NameBuff, MAXPATHL, "%s/lang", p); bindtextdomain(VIMPACKAGE, (char *)NameBuff); } if (mustfree) *** ../vim-7.1.010/src/version.c Tue Jun 19 18:07:52 2007 --- src/version.c Tue Jun 19 20:29:44 2007 *************** *** 668,669 **** --- 668,671 ---- { /* Add new patch number below this line */ + /**/ + 11, /**/ -- GALAHAD hurries to the door and pushes through it. As he leaves the room we CUT TO the reverse to show that he is now in a room full of bathing and romping GIRLIES, all innocent, wide-eyed and beautiful. They smile enchantingly at him as he tries to keep walking without being diverted by the lovely sights assaulting his eyeballs. "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ download, build and distribute -- http://www.A-A-P.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///