Mercurial > vim

view src/os_w32dll.c @ 33915:a49ae967e9ed v9.0.2158

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.2158: [security]: use-after-free in check_argument_type Commit: https://github.com/vim/vim/commit/0f28791b215bd4c22ed580839409c2f7d39d8140 Author: Christian Brabandt <cb@256bit.org> Date: Mon Dec 11 17:53:25 2023 +0100 patch 9.0.2158: [security]: use-after-free in check_argument_type Problem: [security]: use-after-free in check_argument_type Solution: Reset function type pointer when freeing the function type list function pointer fp->uf_func_type may point to the same memory, that was allocated for fp->uf_type_list. However, when cleaning up a function definition (e.g. because it was invalid), fp->uf_type_list will be freed, but fp->uf_func_type may still point to the same (now) invalid memory address. So when freeing the fp->uf_type_list, check if fp->func_type points to any of those types and if it does, reset the fp->uf_func_type pointer to the t_func_any (default) type pointer closes: #13652 Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Mon, 11 Dec 2023 18:00:03 +0100
parents 7ae2396cef62
children 91c0999849ee
line wrap: on
line source

/* vi:set ts=8 sts=4 sw=4 noet:
 *
 * VIM - Vi IMproved		by Bram Moolenaar
 *
 * Do ":help uganda"  in Vim to read copying and usage conditions.
 * Do ":help credits" in Vim to see a list of people who contributed.
 * See README.txt for an overview of the Vim source code.
 */
/*
 * Windows GUI: main program (DLL) entry point:
 *
 * Ron Aaron <ronaharon@yahoo.com> wrote this and the DLL support code.
 * Adapted by Ken Takata.
 */
#ifndef WIN32_LEAN_AND_MEAN
# define WIN32_LEAN_AND_MEAN
#endif
#include <windows.h>

void SaveInst(HINSTANCE hInst);

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
	SaveInst(hinstDLL);
    return TRUE;
}