patch 9.0.2158: [security]: use-after-free in check_argument_type Commit: https://github.com/vim/vim/commit/0f28791b215bd4c22ed580839409c2f7d39d8140 Author: Christian Brabandt <cb@256bit.org> Date: Mon Dec 11 17:53:25 2023 +0100 patch 9.0.2158: [security]: use-after-free in check_argument_type Problem: [security]: use-after-free in check_argument_type Solution: Reset function type pointer when freeing the function type list function pointer fp->uf_func_type may point to the same memory, that was allocated for fp->uf_type_list. However, when cleaning up a function definition (e.g. because it was invalid), fp->uf_type_list will be freed, but fp->uf_func_type may still point to the same (now) invalid memory address. So when freeing the fp->uf_type_list, check if fp->func_type points to any of those types and if it does, reset the fp->uf_func_type pointer to the t_func_any (default) type pointer closes: #13652 Signed-off-by: Christian Brabandt <cb@256bit.org>

README_src.txt for version 9.0 of Vim: Vi IMproved.

The source archive contains the files needed to compile Vim on Unix systems.
It is packed for Unix systems (NL line separator).

For more information, see the README.txt file that comes with the runtime
archive (vim-9.0-rt.tar.gz).  To be able to run Vim you MUST get the runtime
archive too!