Mercurial > vim
view src/testdir/dumps/Test_terminal_popup_4.dump @ 33863:3b8089d550eb v9.0.2141
patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Commit: https://github.com/vim/vim/commit/0fb375aae608d7306b4baf9c1f906961f32e2abf
Author: Christian Brabandt <cb@256bit.org>
Date: Wed Nov 29 10:23:39 2023 +0100
patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Problem: [security]: buffer-overflow in suggest_trie_walk
Solution: Check n before using it as index into byts array
Basically, n as an index into the byts array, can point to beyond the byts
array. So let's double check, that n is within the expected range after
incrementing it from sp->ts_curi and bail out if it would be invalid.
Reported by @henices, thanks!
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Sun, 10 Dec 2023 15:16:03 +0100 |
| parents | 18fc30542bf5 |
| children |
line wrap: on
line source
|3+0&#ffffff0| @12|╔+0&#a8a8a8255|═@44|╗| +0&#ffffff0@13 |4| @12|║+0&#a8a8a8255|s|o|m|e| |t|e|x|t| @35|║| +0&#ffffff0@13 |5| @12|║+0&#a8a8a8255|t|o| |e+0&#ffff4012|d|i|t| +0&#a8a8a8255@37|║| +0&#ffffff0@13 |6| @12|║+0&#a8a8a8255|i|n| |a| |p|o|p|u|p| |w|i|n|d|o|w| @27|║| +0&#ffffff0@13 |7| @12|║+0&#a8a8a8255|~+0#4040ff13&| @43|║+0#0000000&| +0&#ffffff0@13 |8| @12|║+0&#a8a8a8255|~+0#4040ff13&| @43|║+0#0000000&| +0&#ffffff0@13 |9| @12|║+0&#a8a8a8255|~+0#4040ff13&| @43|║+0#0000000&| +0&#ffffff0@13 |1|0| @11|║+0&#a8a8a8255|/|e|d|i|t| @21|2|,|4| @10|A|l@1| |║| +0&#ffffff0@13 |1@1| @11|╚+0&#a8a8a8255|═@44|⇲| +0&#ffffff0@13 |1|2| @72 |1|3| @72 |E+0#ffffff16#e000002|r@1|o|r| |d|e|t|e|c|t|e|d| |w|h|i|l|e| |p|r|o|c|e|s@1|i|n|g| |f|u|n|c|t|i|o|n| |H|i|d|e|P|o|p|u|p|:| +0#0000000#ffffff0@23 |l+0#af5f00255&|i|n|e| @3|1|:| +0#0000000&@64 |E+0#ffffff16#e000002|8|6|3|:| |N|o|t| |a|l@1|o|w|e|d| |f|o|r| |a| |t|e|r|m|i|n|a|l| |i|n| |a| |p|o|p|u|p| |w|i|n|d|o|w| +0#0000000#ffffff0@24 |P+0#00e0003&|r|e|s@1| |E|N|T|E|R| |o|r| |t|y|p|e| |c|o|m@1|a|n|d| |t|o| |c|o|n|t|i|n|u|e> +0#0000000&@35