Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit c6eb1f4

Browse filesBrowse files
abdelhakeemblueyed
abdelhakeem
authored and
blueyed
committed
API: fix nvim_command_output buffer overflow (#10830)
Fixes #10829.
1 parent ed28668 commit c6eb1f4
Copy full SHA for c6eb1f4

File tree

2 files changed

+6
-1
lines changed
Filter options

2 files changed

+6
-1
lines changed

‎src/nvim/api/vim.c

Copy file name to clipboardExpand all lines: src/nvim/api/vim.c
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -364,7 +364,7 @@ String nvim_command_output(String command, Error *err)
364364
};
365365
// redir usually (except :echon) prepends a newline.
366366
if (s.data[0] == '\n') {
367-
memmove(s.data, s.data + 1, s.size);
367+
memmove(s.data, s.data + 1, s.size - 1);
368368
s.data[s.size - 1] = '\0';
369369
s.size = s.size - 1;
370370
}

‎test/functional/api/vim_spec.lua

Copy file name to clipboardExpand all lines: test/functional/api/vim_spec.lua
+5Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -178,6 +178,11 @@ describe('API', function()
178178
-- Verify NO hit-enter prompt.
179179
eq({mode='n', blocking=false}, nvim("get_mode"))
180180
end)
181+
182+
it('Does not cause heap buffer overflow with large output', function()
183+
eq(eval('string(range(1000000))'),
184+
nvim('command_output', 'echo range(1000000)'))
185+
end)
181186
end)
182187

183188
describe('nvim_eval', function()

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.