Mercurial > vim
annotate ci/config.mk.clang-12.sed @ 33660:ca0229869b38 v9.0.2068
patch 9.0.2068: [security] overflow in :history
Commit: https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Oct 26 21:29:32 2023 +0200
patch 9.0.2068: [security] overflow in :history
Problem: [security] overflow in :history
Solution: Check that value fits into int
The get_list_range() function, used to parse numbers for the :history
and :clist command internally uses long variables to store the numbers.
However function arguments are integer pointers, which can then
overflow.
Check that the return value from the vim_str2nr() function is not larger
than INT_MAX and if yes, bail out with an error. I guess nobody uses a
cmdline/clist history that needs so many entries... (famous last words).
It is only a moderate vulnerability, so impact should be low.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Thu, 26 Oct 2023 21:45:05 +0200 |
| parents | 9b35b4c6df4c |
| children |
| rev | line source |
|---|---|
|
26480
cf986610be6a
patch 8.2.3770: new compiler warnings from clang-12 and clang-13
Bram Moolenaar <Bram@vim.org>
parents:
diff
changeset
|
1 # Clang 12 (or Apple clang 13) and later makes a warning '-Wcompound-token-split-by-macro' enable by default. |
|
33404
9b35b4c6df4c
patch 9.0.1960: Make CI checks more strict
Christian Brabandt <cb@256bit.org>
parents:
26788
diff
changeset
|
2 /^PERL_CFLAGS_EXTRA[[:blank:]]*=/s/$/ -Wno-error=compound-token-split-by-macro -Wno-compound-token-split-by-macro/ |
|
26788
fccd67ae58c8
patch 8.2.3922: cannot build with dynamic Ruby 3.1
Bram Moolenaar <Bram@vim.org>
parents:
26480
diff
changeset
|
3 /^RUBY_CFLAGS_EXTRA[[:blank:]]*=/s/$/ -Wno-error=compound-token-split-by-macro/ |