Mercurial > vim

diff src/ex_cmds.c @ 33187:201c54cdde82 v9.0.1873

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_both Commit: https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 Author: Christian Brabandt <cb@256bit.org> Date: Tue Sep 5 20:18:06 2023 +0200 patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_both Problem: heap-buffer-overflow in vim_regsub_both Solution: Disallow exchanging windows when textlock is active Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Tue, 05 Sep 2023 20:30:04 +0200
parents 0db7088b659e
children def9fc5c92d1
line wrap: on
line diff
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -4519,6 +4519,9 @@ ex_substitute(exarg_T *eap)
 		{
 		    nmatch = curbuf->b_ml.ml_line_count - sub_firstlnum + 1;
 		    skip_match = TRUE;
+		    // safety check
+		    if (nmatch < 0)
+			goto skip;
 		}
 
 		// Need room for: