To: vim-dev@vim.org

Subject: patch 7.1.011

Fcc: outbox

From: Bram Moolenaar <Bram@moolenaar.net>

Mime-Version: 1.0

Content-Type: text/plain; charset=ISO-8859-1

Content-Transfer-Encoding: 8bit

------------

Patch 7.1.011

Problem:    Possible buffer overflow when $VIMRUNTIME is very long. (Victor

	    Stinner)

Solution:   Use vim_snprintf().

Files:	    src/main.c

*** ../vim-7.1.010/src/main.c	Thu May 10 21:12:25 2007

--- src/main.c	Sat Jun  9 22:37:46 2007

***************

*** 1360,1367 ****

  	p = vim_getenv((char_u *)"VIMRUNTIME", &mustfree);

  	if (p != NULL && *p != NUL)

  	{

! 	    STRCPY(NameBuff, p);

! 	    STRCAT(NameBuff, "/lang");

  	    bindtextdomain(VIMPACKAGE, (char *)NameBuff);

  	}

  	if (mustfree)

--- 1360,1366 ----

  	p = vim_getenv((char_u *)"VIMRUNTIME", &mustfree);

  	if (p != NULL && *p != NUL)

  	{

! 	    vim_snprintf((char *)NameBuff, MAXPATHL, "%s/lang", p);

  	    bindtextdomain(VIMPACKAGE, (char *)NameBuff);

  	}

  	if (mustfree)

*** ../vim-7.1.010/src/version.c	Tue Jun 19 18:07:52 2007

--- src/version.c	Tue Jun 19 20:29:44 2007

***************

*** 668,669 ****

--- 668,671 ----

  {   /* Add new patch number below this line */

+ /**/

+     11,

  /**/

-- 

   GALAHAD hurries to the door and pushes through it.  As he leaves the room

   we CUT TO the reverse to show that he is now in a room full of bathing

   and romping GIRLIES, all innocent, wide-eyed and beautiful.  They smile

   enchantingly at him as he tries to keep walking without being diverted by

   the lovely sights assaulting his eyeballs.

                 "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\

///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\

\\\        download, build and distribute -- http://www.A-A-P.org        ///

 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///