Mercurial > vim
view src/INSTALLami.txt @ 33660:ca0229869b38 v9.0.2068
patch 9.0.2068: [security] overflow in :history
Commit: https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Oct 26 21:29:32 2023 +0200
patch 9.0.2068: [security] overflow in :history
Problem: [security] overflow in :history
Solution: Check that value fits into int
The get_list_range() function, used to parse numbers for the :history
and :clist command internally uses long variables to store the numbers.
However function arguments are integer pointers, which can then
overflow.
Check that the return value from the vim_str2nr() function is not larger
than INT_MAX and if yes, bail out with an error. I guess nobody uses a
cmdline/clist history that needs so many entries... (famous last words).
It is only a moderate vulnerability, so impact should be low.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Thu, 26 Oct 2023 21:45:05 +0200 |
parents | 591f210d9324 |
children |
line wrap: on
line source
INSTALLami.txt - Installation of Vim from source on Amiga and MorphOS This file contains instructions for compiling Vim. If you already have an executable version of Vim, you don't need this. The file "feature.h" can be edited to match your preferences. You can skip this, then you will get the default behavior as is documented, which should be fine for most people. Summary: make -f Make_ami.mak gcc make -f Make_ami.mak CC=vc vbcc Please note that currently only gcc has been tested. VBCC would need its own CFLAGS, but should otherwise work out of the box. For cross-compiling, UNM can be used to override uname and thereby set the target. An example is shown below: make -f Make_ami.mak CC=ppc-morphos-gcc UNM=MorphOS