Mercurial > vim
view READMEdir/README_unix.txt @ 33865:8cdb69ea3711 v9.0.2143
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Commit: https://github.com/vim/vim/commit/abfa13ebe92d81aaf66669c428d767847b577453
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Nov 30 11:32:18 2023 +0100
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Problem: [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating
When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer
beyond it's size, leading to a buffer-overlow.
So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.
Reported by @henices, thanks!
closes: #13596
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sun, 10 Dec 2023 15:16:05 +0100 |
parents | f8116058ca76 |
children | 4635e43f2c6f |
line wrap: on
line source
README_unix.txt for version 9.0 of Vim: Vi IMproved. This file explains the installation of Vim on Unix systems. See "README.txt" for general information about Vim. When you use the source distribution, "make install" is used to install Vim. See the "INSTALL" file in the "src" directory. If you use a compiled package, follow the instructions for the package.