patch 9.0.2158: [security]: use-after-free in check_argument_type Commit: https://github.com/vim/vim/commit/0f28791b215bd4c22ed580839409c2f7d39d8140 Author: Christian Brabandt <cb@256bit.org> Date: Mon Dec 11 17:53:25 2023 +0100 patch 9.0.2158: [security]: use-after-free in check_argument_type Problem: [security]: use-after-free in check_argument_type Solution: Reset function type pointer when freeing the function type list function pointer fp->uf_func_type may point to the same memory, that was allocated for fp->uf_type_list. However, when cleaning up a function definition (e.g. because it was invalid), fp->uf_type_list will be freed, but fp->uf_func_type may still point to the same (now) invalid memory address. So when freeing the fp->uf_type_list, check if fp->func_type points to any of those types and if it does, reset the fp->uf_func_type pointer to the t_func_any (default) type pointer closes: #13652 Signed-off-by: Christian Brabandt <cb@256bit.org>

README_bindos.txt for version 9.0 of Vim: Vi IMproved.

See "README.txt" for general information about Vim.
See "README_dos.txt" for installation instructions for MS-DOS and MS-Windows.
These files are in the runtime archive (vim90rt.zip).


There are several binary distributions of Vim for the PC.  You would normally
pick only one of them, but it's also possible to install several.
These ones are available (the version number may differ):
	vim90w32.zip	Windows 95/98/NT/etc. console version
	gvim90.zip	Windows 95/98/NT/etc. GUI version
	gvim90ole.zip	Windows 95/98/NT/etc. GUI version with OLE

You MUST also get the runtime archive (vim90rt.zip).
The sources are also available (vim90src.zip).