diff src/search.c @ 36023:f1fd19e38507 v9.1.0689

patch 9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'

Commit: https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc4bc33eccbae3
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Aug 22 21:40:14 2024 +0200

patch 9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'

Problem: buffer-overflow in do_search() with 'rightleft' (SuyueGuo)
Solution: after reversing the text (which allocates a new buffer), re-calculate the text length

Github Advisory: https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm

Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Thu, 22 Aug 2024 22:15:02 +0200
parents ca3fb3031ffb
children 7e690bd1a27d
--- a/src/search.c
+++ b/src/search.c
@@ -1548,6 +1548,7 @@ do_search(
 			{
 			    vim_free(msgbuf);
 			    msgbuf = r;
+			    msgbuflen = STRLEN(msgbuf);
 			    // move reversed text to beginning of buffer
 			    while (*r != NUL && *r == ' ')
 				r++;
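Review bot: The added `msgbuflen = STRLEN(msgbuf);` line carries no comment saying why the length has to be refreshed at this point. A short note that `r` is a newly allocated buffer (the reversed text), so the earlier `msgbuflen` no longer describes it, would keep a later cleanup from dropping the line as redundant. The length is also taken before the `while (*r != NUL && *r == ' ')` skip that moves the reversed text to the beginning of the buffer, so it is worth confirming that the code after this hunk uses `msgbuflen` as the length of the whole reversed string and not of the text that remains after the move.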