代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/vim 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From 3bd7fa12e146c6051490d048a4acbfba974eeb04 Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Mon, 2 Oct 2023 20:59:08 +0200
Subject: [PATCH 2156/2205] patch 9.0.1969: [security] buffer-overflow in
trunc_string()
Problem: buffer-overflow in trunc_string()
Solution: Add NULL at end of buffer
Currently trunc_string() assumes that when the string is too long,
buf[e-1] will always be writeable. But that assumption may not always be
true. The condition currently looks like this
else if (e + 3 < buflen)
[...]
else
{
// can't fit in the "...", just truncate it
buf[e - 1] = NUL;
}
but this means, we may run into the last else clause with e still being
larger than buflen. So a buffer overflow occurs.
So instead of using `buf[e - 1]`, let's just always
truncate at `buf[buflen - 1]` which should always be writable.
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
src/message.c | 2 +-
1 files changed, 1 insertions(+), 1 deletion(-)
diff --git a/src/message.c b/src/message.c
index 2fc6cefa9..83c8b4f4a 100644
--- a/src/message.c
+++ b/src/message.c
@@ -353,7 +353,7 @@ trunc_string(
else
{
// can't fit in the "...", just truncate it
- buf[e - 1] = NUL;
+ buf[buflen - 1] = NUL;
}
}
--
2.27.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手