Mercurial > vim
view READMEdir/README_src.txt @ 33915:a49ae967e9ed v9.0.2158
patch 9.0.2158: [security]: use-after-free in check_argument_type
Commit: https://github.com/vim/vim/commit/0f28791b215bd4c22ed580839409c2f7d39d8140
Author: Christian Brabandt <cb@256bit.org>
Date: Mon Dec 11 17:53:25 2023 +0100
patch 9.0.2158: [security]: use-after-free in check_argument_type
Problem: [security]: use-after-free in check_argument_type
Solution: Reset function type pointer when freeing the function type
list
function pointer fp->uf_func_type may point to the same memory, that was
allocated for fp->uf_type_list. However, when cleaning up a function
definition (e.g. because it was invalid), fp->uf_type_list will be
freed, but fp->uf_func_type may still point to the same (now) invalid
memory address.
So when freeing the fp->uf_type_list, check if fp->func_type points to
any of those types and if it does, reset the fp->uf_func_type pointer to
the t_func_any (default) type pointer
closes: #13652
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Mon, 11 Dec 2023 18:00:03 +0100 |
parents | f8116058ca76 |
children | 4635e43f2c6f |
line wrap: on
line source
README_src.txt for version 9.0 of Vim: Vi IMproved. The source archive contains the files needed to compile Vim on Unix systems. It is packed for Unix systems (NL line separator). For more information, see the README.txt file that comes with the runtime archive (vim-9.0-rt.tar.gz). To be able to run Vim you MUST get the runtime archive too!