To: vim_dev@googlegroups.com
Subject: Patch 8.2.4963
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------

Patch 8.2.4963
Problem:    Expanding path with "/**" may overrun end of buffer.
Solution:   Use vim_snprintf().
Files:      src/filepath.c


*** ../vim-8.2.4962/src/filepath.c	2022-05-09 20:09:19.286641426 +0100
--- src/filepath.c	2022-05-16 12:33:32.106956008 +0100
***************
*** 3589,3594 ****
--- 3589,3595 ----
      int		didstar)	// expanded "**" once already
  {
      char_u	*buf;
+     size_t	buflen;
      char_u	*path_end;
      char_u	*p, *s, *e;
      int		start_len = gap->ga_len;
***************
*** 3612,3618 ****
      }
  
      // make room for file name
!     buf = alloc(STRLEN(path) + BASENAMELEN + 5);
      if (buf == NULL)
  	return 0;
  
--- 3613,3620 ----
      }
  
      // make room for file name
!     buflen = STRLEN(path) + BASENAMELEN + 5;
!     buf = alloc(buflen);
      if (buf == NULL)
  	return 0;
  
***************
*** 3737,3750 ****
  		{
  		    // For "**" in the pattern first go deeper in the tree to
  		    // find matches.
! 		    STRCPY(buf + len, "/**");
! 		    STRCPY(buf + len + 3, path_end);
  		    ++stardepth;
  		    (void)unix_expandpath(gap, buf, len + 1, flags, TRUE);
  		    --stardepth;
  		}
  
! 		STRCPY(buf + len, path_end);
  		if (mch_has_exp_wildcard(path_end)) // handle more wildcards
  		{
  		    // need to expand another component of the path
--- 3739,3752 ----
  		{
  		    // For "**" in the pattern first go deeper in the tree to
  		    // find matches.
! 		    vim_snprintf((char *)buf + len, buflen - len,
! 							    "/**%s", path_end);
  		    ++stardepth;
  		    (void)unix_expandpath(gap, buf, len + 1, flags, TRUE);
  		    --stardepth;
  		}
  
! 		vim_snprintf((char *)buf + len, buflen - len, "%s", path_end);
  		if (mch_has_exp_wildcard(path_end)) // handle more wildcards
  		{
  		    // need to expand another component of the path
*** ../vim-8.2.4962/src/version.c	2022-05-16 11:14:05.106515306 +0100
--- src/version.c	2022-05-16 12:34:26.894908947 +0100
***************
*** 748,749 ****
--- 748,751 ----
  {   /* Add new patch number below this line */
+ /**/
+     4963,
  /**/

-- 
hundred-and-one symptoms of being an internet addict:
211. Your husband leaves you...taking the computer with him and you
     call him crying, and beg him to bring the computer back.

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///