diff src/quickfix.c @ 33802:b857615e5d42 v9.0.2117

patch 9.0.2117: [security] use-after-free in qf_free_items Commit: https://github.com/vim/vim/commit/567cae2630a51efddc07eacff3b38a295e1f5671 Author: Christian Brabandt <cb@256bit.org> Date: Sun Nov 19 16:19:27 2023 +0100 patch 9.0.2117: [security] use-after-free in qf_free_items Problem: [security] use-after-free in qf_free_items Solution: only access qfpnext, if it hasn't been freed Coverity discovered a possible use-after-free in qf_free_items. When freeing the qfline items, we may access freed memory, when qfp == qfpnext. So only access qfpnext, when it hasn't been freed. Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Tue, 21 Nov 2023 20:15:05 +0100
parents 20d09cced45f
children 3b654f4462c5
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -4000,8 +4000,9 @@ qf_free_items(qf_list_T *qfl)
 		// to avoid crashing when it's wrong.
 		// TODO: Avoid qf_count being incorrect.
 		qfl->qf_count = 1;
+	    else
+		qfl->qf_start = qfpnext;
 	}
-	qfl->qf_start = qfpnext;
 	--qfl->qf_count;
     }
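Review bot: On the branch that sets `qfl->qf_count = 1`, `qfl->qf_start` is no longer reassigned, so it appears to keep pointing at the item that was just freed (the commit message describes this as the `qfp == qfpnext` case). The new `else` stops the stale `qfpnext` from being stored, but the list head is still left dangling until something outside this hunk resets it. Either clear it on that branch by bracing the `if` body and adding `qfl->qf_start = NULL;` after `qfl->qf_count = 1;`, or add a comment such as `// qf_start is stale here; it is reset after the loop`, if that is indeed what the code below does. The `if` that this `else` pairs with, the loop condition and the rest of qf_free_items lie outside the hunk, so confirm that the loop still terminates and that no reader of `qf_start` runs before the reset.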