Mercurial > vim
view src/testdir/test25.in @ 33863:3b8089d550eb v9.0.2141
patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Commit: https://github.com/vim/vim/commit/0fb375aae608d7306b4baf9c1f906961f32e2abf
Author: Christian Brabandt <cb@256bit.org>
Date: Wed Nov 29 10:23:39 2023 +0100
patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Problem: [security]: buffer-overflow in suggest_trie_walk
Solution: Check n before using it as index into byts array
Basically, n as an index into the byts array, can point to beyond the byts
array. So let's double check, that n is within the expected range after
incrementing it from sp->ts_curi and bail out if it would be invalid.
Reported by @henices, thanks!
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Sun, 10 Dec 2023 15:16:03 +0100 |
| parents | 30bdd2e4a6f9 |
| children |
line wrap: on
line source
Test character classes in regexp using regexpengine 0, 1, 2. STARTTEST /^start-here/+1 Y:s/\%#=0\d//g p:s/\%#=1\d//g p:s/\%#=2\d//g p:s/\%#=0[0-9]//g p:s/\%#=1[0-9]//g p:s/\%#=2[0-9]//g p:s/\%#=0\D//g p:s/\%#=1\D//g p:s/\%#=2\D//g p:s/\%#=0[^0-9]//g p:s/\%#=1[^0-9]//g p:s/\%#=2[^0-9]//g p:s/\%#=0\o//g p:s/\%#=1\o//g p:s/\%#=2\o//g p:s/\%#=0[0-7]//g p:s/\%#=1[0-7]//g p:s/\%#=2[0-7]//g p:s/\%#=0\O//g p:s/\%#=1\O//g p:s/\%#=2\O//g p:s/\%#=0[^0-7]//g p:s/\%#=1[^0-7]//g p:s/\%#=2[^0-7]//g p:s/\%#=0\x//g p:s/\%#=1\x//g p:s/\%#=2\x//g p:s/\%#=0[0-9A-Fa-f]//g p:s/\%#=1[0-9A-Fa-f]//g p:s/\%#=2[0-9A-Fa-f]//g p:s/\%#=0\X//g p:s/\%#=1\X//g p:s/\%#=2\X//g p:s/\%#=0[^0-9A-Fa-f]//g p:s/\%#=1[^0-9A-Fa-f]//g p:s/\%#=2[^0-9A-Fa-f]//g p:s/\%#=0\w//g p:s/\%#=1\w//g p:s/\%#=2\w//g p:s/\%#=0[0-9A-Za-z_]//g p:s/\%#=1[0-9A-Za-z_]//g p:s/\%#=2[0-9A-Za-z_]//g p:s/\%#=0\W//g p:s/\%#=1\W//g p:s/\%#=2\W//g p:s/\%#=0[^0-9A-Za-z_]//g p:s/\%#=1[^0-9A-Za-z_]//g p:s/\%#=2[^0-9A-Za-z_]//g p:s/\%#=0\h//g p:s/\%#=1\h//g p:s/\%#=2\h//g p:s/\%#=0[A-Za-z_]//g p:s/\%#=1[A-Za-z_]//g p:s/\%#=2[A-Za-z_]//g p:s/\%#=0\H//g p:s/\%#=1\H//g p:s/\%#=2\H//g p:s/\%#=0[^A-Za-z_]//g p:s/\%#=1[^A-Za-z_]//g p:s/\%#=2[^A-Za-z_]//g p:s/\%#=0\a//g p:s/\%#=1\a//g p:s/\%#=2\a//g p:s/\%#=0[A-Za-z]//g p:s/\%#=1[A-Za-z]//g p:s/\%#=2[A-Za-z]//g p:s/\%#=0\A//g p:s/\%#=1\A//g p:s/\%#=2\A//g p:s/\%#=0[^A-Za-z]//g p:s/\%#=1[^A-Za-z]//g p:s/\%#=2[^A-Za-z]//g p:s/\%#=0\l//g p:s/\%#=1\l//g p:s/\%#=2\l//g p:s/\%#=0[a-z]//g p:s/\%#=1[a-z]//g p:s/\%#=2[a-z]//g p:s/\%#=0\L//g p:s/\%#=1\L//g p:s/\%#=2\L//g p:s/\%#=0[^a-z]//g p:s/\%#=1[^a-z]//g p:s/\%#=2[^a-z]//g p:s/\%#=0\u//g p:s/\%#=1\u//g p:s/\%#=2\u//g p:s/\%#=0[A-Z]//g p:s/\%#=1[A-Z]//g p:s/\%#=2[A-Z]//g p:s/\%#=0\U//g p:s/\%#=1\U//g p:s/\%#=2\U//g p:s/\%#=0[^A-Z]//g p:s/\%#=1[^A-Z]//g p:s/\%#=2[^A-Z]//g p:s/\%#=0\%204l^\t...//g p:s/\%#=1\%205l^\t...//g p:s/\%#=2\%206l^\t...//g :/^start-here/+1,$wq! test.out ENDTEST start-here !"#$%&'()#+'-./0123456789:;<=>?@ABCDEFGHIXYZ[\]^_`abcdefghiwxyz{|}~€‚›¦±¼ÇÓé