Mercurial > vim
view src/testdir/test_mksession_utf8.vim @ 33863:3b8089d550eb v9.0.2141
patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Commit: https://github.com/vim/vim/commit/0fb375aae608d7306b4baf9c1f906961f32e2abf
Author: Christian Brabandt <cb@256bit.org>
Date: Wed Nov 29 10:23:39 2023 +0100
patch 9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Problem: [security]: buffer-overflow in suggest_trie_walk
Solution: Check n before using it as index into byts array
Basically, n as an index into the byts array, can point to beyond the byts
array. So let's double check, that n is within the expected range after
incrementing it from sp->ts_curi and bail out if it would be invalid.
Reported by @henices, thanks!
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sun, 10 Dec 2023 15:16:03 +0100 |
parents | 6990c1160ea5 |
children |
line wrap: on
line source
" Test for :mksession, :mkview and :loadview in utf-8 encoding set encoding=utf-8 scriptencoding utf-8 source check.vim CheckFeature mksession func Test_mksession_utf8() tabnew let wrap_save = &wrap set sessionoptions=buffers splitbelow fileencoding=utf-8 call setline(1, [ \ 'start:', \ 'no multibyte chAracter', \ ' one leaDing tab', \ ' four leadinG spaces', \ 'two consecutive tabs', \ 'two tabs in one line', \ 'one … multibyteCharacter', \ 'a “b” two multiByte characters', \ '“c”1€ three mulTibyte characters' \ ]) let tmpfile = tempname() exec 'w! ' . tmpfile /^start: set wrap vsplit norm! j16| split norm! j16| split norm! j16| split norm! j8| split norm! j8| split norm! j16| split norm! j16| split norm! j16| wincmd l set nowrap /^start: norm! j16|3zl split norm! j016|3zl split norm! j016|3zl split norm! j08|3zl split norm! j08|3zl split norm! j016|3zl split norm! j016|3zl split norm! j016|3zl split call wincol() mksession! test_mks.out let li = filter(readfile('test_mks.out'), 'v:val =~# "\\(^ *normal! 0\\|^ *exe ''normal!\\)"') let expected =<< trim [DATA] normal! 016| normal! 016| normal! 016| normal! 08| normal! 08| normal! 016| normal! 016| normal! 016| exe 'normal! ' . s:c . '|zs' . 16 . '|' normal! 016| exe 'normal! ' . s:c . '|zs' . 16 . '|' normal! 016| exe 'normal! ' . s:c . '|zs' . 16 . '|' normal! 016| exe 'normal! ' . s:c . '|zs' . 8 . '|' normal! 08| exe 'normal! ' . s:c . '|zs' . 8 . '|' normal! 08| exe 'normal! ' . s:c . '|zs' . 16 . '|' normal! 016| exe 'normal! ' . s:c . '|zs' . 16 . '|' normal! 016| exe 'normal! ' . s:c . '|zs' . 16 . '|' normal! 016| exe 'normal! ' . s:c . '|zs' . 16 . '|' normal! 016| [DATA] call assert_equal(expected, li) tabclose! call delete('test_mks.out') call delete(tmpfile) let &wrap = wrap_save set sessionoptions& splitbelow& fileencoding& endfunc " vim: shiftwidth=2 sts=2 expandtab