Open
Description
Nvy crashes due to heap corruption when built with MSVC as Debug build.
You can easily find the problem when you run it under ApplicationVerifier, with "heap" checking enabled. The bug is in string handling. This patch fixes it for me:
diff --git a/src/main.cpp b/src/main.cppindex 3a51802..61f73a0 100644--- a/src/main.cpp+++ b/src/main.cpp@@ -475,8 +475,8 @@ int WINAPI wWinMain(_In_ HINSTANCE instance, _In_opt_ HINSTANCE prev_instance, _ MessageBoxA(NULL, "ERROR: File path too long", "Nvy", MB_OK | MB_ICONERROR); return 1; }-size_t tmp_len = sizeof(wchar_t) * (nvim_cmd_len + arg_len + 4);-wchar_t *tmp = static_cast<wchar_t *>(realloc(nvim_cmd, tmp_len));+size_t tmp_len = nvim_cmd_len + arg_len + 4;+wchar_t *tmp = static_cast<wchar_t *>(realloc(nvim_cmd, sizeof(wchar_t) * tmp_len)); if (tmp) { nvim_cmd = tmp; nvim_cmd_len = tmp_len;
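Review bot: the element-count convention this hunk introduces for tmp_len has to hold everywhere nvim_cmd_len is consumed, because the trailing context line `nvim_cmd_len = tmp_len;` now stores a character count where it previously stored a byte count; the initial allocation of nvim_cmd and the wcscat_s calls that receive nvim_cmd_len (both outside this hunk) should be checked to use the same unit, otherwise the fix only relocates the mismatch. The realloc failure handling is fine as shown: nvim_cmd is reassigned only inside `if (tmp) {`, so on failure it still points at the old allocation.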
From a very basic look, I assume the bug only happens in Debug build due to some wcscat_s() debug feature - e.g. it always fills the entire buffer you give it. Since you pass tmp_len as count of characters, first wcscat_s into tmp buffer with tmp_len overflows the buffer.
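As an added illustration of the element-count versus byte-count distinction this issue describes (example code, not Nvy's own; it uses portable wmemcpy instead of wcscat_s so it builds outside MSVC, and the wcmd type and its functions are hypothetical):

```c
#include <stddef.h>
#include <stdlib.h>
#include <wchar.h>

/* Growable wide-character command line. `cap` is always an ELEMENT count
 * (number of wchar_t), never a byte count; bytes appear only at realloc. */
typedef struct {
    wchar_t *buf;
    size_t cap;
} wcmd;

int wcmd_init(wcmd *c, const wchar_t *initial) {
    size_t n = wcslen(initial) + 1;              /* elements incl. NUL */
    c->buf = malloc(sizeof(wchar_t) * n);
    if (!c->buf) return 0;
    wmemcpy(c->buf, initial, n);
    c->cap = n;
    return 1;
}

/* Append " arg", growing the buffer if needed. Mirrors the patched
 * arithmetic: the element count is computed first and converted to bytes
 * only inside the realloc call. Returns 1 on success, 0 on allocation failure. */
int wcmd_append(wcmd *c, const wchar_t *arg) {
    size_t have = wcslen(c->buf);
    size_t need = have + 1 + wcslen(arg) + 1;    /* space + arg + NUL, in elements */
    if (need > c->cap) {
        wchar_t *tmp = realloc(c->buf, sizeof(wchar_t) * need);
        if (!tmp) return 0;                      /* old buffer stays valid */
        c->buf = tmp;
        c->cap = need;
    }
    c->buf[have] = L' ';
    wmemcpy(c->buf + have + 1, arg, wcslen(arg) + 1); /* bounded by cap */
    return 1;
}

/* The mistake in the pre-patch code: a byte count handed to an API that
 * expects an element count. Returns how many wchar_t slots beyond the real
 * allocation such an API would believe it is allowed to write. */
size_t elements_overclaimed(size_t elements) {
    size_t bytes = sizeof(wchar_t) * elements;   /* what the old code stored */
    return bytes - elements;
}

void wcmd_free(wcmd *c) { free(c->buf); c->buf = NULL; c->cap = 0; }
```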