view src/testdir/dumps/Test_terminal_popup_4.dump @ 33863:3b8089d550eb v9.0.2141

patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk Commit: https://github.com/vim/vim/commit/0fb375aae608d7306b4baf9c1f906961f32e2abf Author: Christian Brabandt <cb@256bit.org> Date: Wed Nov 29 10:23:39 2023 +0100 patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk Problem: [security]: buffer-overflow in suggest_trie_walk Solution: Check n before using it as index into byts array Basically, n as an index into the byts array, can point to beyond the byts array. So let's double check, that n is within the expected range after incrementing it from sp->ts_curi and bail out if it would be invalid. Reported by @henices, thanks! Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Sun, 10 Dec 2023 15:16:03 +0100
parents 18fc30542bf5
children
line wrap: on
line source

|3+0&#ffffff0| @12|╔+0&#a8a8a8255|═@44|╗| +0&#ffffff0@13
|4| @12|║+0&#a8a8a8255|s|o|m|e| |t|e|x|t| @35|║| +0&#ffffff0@13
|5| @12|║+0&#a8a8a8255|t|o| |e+0&#ffff4012|d|i|t| +0&#a8a8a8255@37|║| +0&#ffffff0@13
|6| @12|║+0&#a8a8a8255|i|n| |a| |p|o|p|u|p| |w|i|n|d|o|w| @27|║| +0&#ffffff0@13
|7| @12|║+0&#a8a8a8255|~+0#4040ff13&| @43|║+0#0000000&| +0&#ffffff0@13
|8| @12|║+0&#a8a8a8255|~+0#4040ff13&| @43|║+0#0000000&| +0&#ffffff0@13
|9| @12|║+0&#a8a8a8255|~+0#4040ff13&| @43|║+0#0000000&| +0&#ffffff0@13
|1|0| @11|║+0&#a8a8a8255|/|e|d|i|t| @21|2|,|4| @10|A|l@1| |║| +0&#ffffff0@13
|1@1| @11|╚+0&#a8a8a8255|═@44|⇲| +0&#ffffff0@13
|1|2| @72
|1|3| @72
|E+0#ffffff16#e000002|r@1|o|r| |d|e|t|e|c|t|e|d| |w|h|i|l|e| |p|r|o|c|e|s@1|i|n|g| |f|u|n|c|t|i|o|n| |H|i|d|e|P|o|p|u|p|:| +0#0000000#ffffff0@23
|l+0#af5f00255&|i|n|e| @3|1|:| +0#0000000&@64
|E+0#ffffff16#e000002|8|6|3|:| |N|o|t| |a|l@1|o|w|e|d| |f|o|r| |a| |t|e|r|m|i|n|a|l| |i|n| |a| |p|o|p|u|p| |w|i|n|d|o|w| +0#0000000#ffffff0@24
|P+0#00e0003&|r|e|s@1| |E|N|T|E|R| |o|r| |t|y|p|e| |c|o|m@1|a|n|d| |t|o| |c|o|n|t|i|n|u|e> +0#0000000&@35