Mercurial > vim
view src/proto/alloc.pro @ 33772:7624df087ebf v9.0.2106
patch 9.0.2106: [security]: Use-after-free in win_close()
Commit: https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a
Author: Christian Brabandt <cb@256bit.org>
Date: Tue Nov 14 19:31:34 2023 +0100
patch 9.0.2106: [security]: Use-after-free in win_close()
Problem: [security]: Use-after-free in win_close()
Solution: Check window is valid, before accessing it
If the current window structure is no longer valid (because a previous
autocommand has already freed this window), fail and return before
attempting to set win->w_closing variable.
Add a test to trigger ASAN in CI
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Thu, 16 Nov 2023 22:15:05 +0100 |
parents | 3626ca6a20ea |
children |
line wrap: on
line source
/* alloc.c */ void vim_mem_profile_dump(void); int alloc_does_fail(size_t size); void *alloc(size_t size); void *alloc_id(size_t size, alloc_id_T id); void *alloc_clear(size_t size); void *alloc_clear_id(size_t size, alloc_id_T id); void *lalloc_clear(size_t size, int message); void *lalloc(size_t size, int message); void *lalloc_id(size_t size, int message, alloc_id_T id); void *mem_realloc(void *ptr, size_t size); void do_outofmem_msg(size_t size); void free_all_mem(void); char_u *vim_memsave(char_u *p, size_t len); void vim_free(void *x); void ga_clear(garray_T *gap); void ga_clear_strings(garray_T *gap); int ga_copy_strings(garray_T *from, garray_T *to); void ga_init(garray_T *gap); void ga_init2(garray_T *gap, size_t itemsize, int growsize); int ga_grow(garray_T *gap, int n); int ga_grow_id(garray_T *gap, int n, alloc_id_T id); int ga_grow_inner(garray_T *gap, int n); char_u *ga_concat_strings(garray_T *gap, char *sep); int ga_copy_string(garray_T *gap, char_u *p); int ga_add_string(garray_T *gap, char_u *p); void ga_concat(garray_T *gap, char_u *s); void ga_concat_len(garray_T *gap, char_u *s, size_t len); int ga_append(garray_T *gap, int c); void append_ga_line(garray_T *gap); /* vim: set ft=c : */