Mercurial > vim
view src/proto/undo.pro @ 33863:3b8089d550eb v9.0.2141
patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Commit: https://github.com/vim/vim/commit/0fb375aae608d7306b4baf9c1f906961f32e2abf
Author: Christian Brabandt <cb@256bit.org>
Date: Wed Nov 29 10:23:39 2023 +0100
patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Problem: [security]: buffer-overflow in suggest_trie_walk
Solution: Check n before using it as index into byts array
Basically, n as an index into the byts array, can point to beyond the byts
array. So let's double check, that n is within the expected range after
incrementing it from sp->ts_curi and bail out if it would be invalid.
Reported by @henices, thanks!
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sun, 10 Dec 2023 15:16:03 +0100 |
parents | 68a7e6d70a5e |
children | 8303936dbd64 |
line wrap: on
line source
/* undo.c */ int u_save_cursor(void); int u_save(linenr_T top, linenr_T bot); int u_savesub(linenr_T lnum); int u_inssub(linenr_T lnum); int u_savedel(linenr_T lnum, long nlines); int undo_allowed(void); int u_savecommon(linenr_T top, linenr_T bot, linenr_T newbot, int reload); void u_compute_hash(char_u *hash); void u_write_undo(char_u *name, int forceit, buf_T *buf, char_u *hash); void u_read_undo(char_u *name, char_u *hash, char_u *orig_name); void u_undo(int count); void u_redo(int count); void undo_time(long step, int sec, int file, int absolute); void u_sync(int force); void ex_undolist(exarg_T *eap); void ex_undojoin(exarg_T *eap); void u_unchanged(buf_T *buf); void u_find_first_changed(void); void u_update_save_nr(buf_T *buf); void u_clearall(buf_T *buf); void u_clearline(void); void u_undoline(void); void u_blockfree(buf_T *buf); int bufIsChanged(buf_T *buf); int anyBufIsChanged(void); int bufIsChangedNotTerm(buf_T *buf); int curbufIsChanged(void); void f_undofile(typval_T *argvars, typval_T *rettv); void u_undofile_reset_and_delete(buf_T *buf); void f_undotree(typval_T *argvars, typval_T *rettv); /* vim: set ft=c : */