Mercurial > vim
view runtime/ftplugin/kwt.vim @ 33865:8cdb69ea3711 v9.0.2143
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Commit: https://github.com/vim/vim/commit/abfa13ebe92d81aaf66669c428d767847b577453
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Nov 30 11:32:18 2023 +0100
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Problem: [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating
When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer
beyond it's size, leading to a buffer-overlow.
So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.
Reported by @henices, thanks!
closes: #13596
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Sun, 10 Dec 2023 15:16:05 +0100 |
| parents | 2cfb68fa26cd |
| children | 8ae680be2a51 |
line wrap: on
line source
" Vim filetype plugin file " Language: Kimwitu++ " Maintainer: Michael Piefel <entwurf@piefel.de> " Last Change: 10 March 2012 " Behaves almost like C++ runtime! ftplugin/cpp.vim ftplugin/cpp_*.vim ftplugin/cpp/*.vim let s:cpo_save = &cpo set cpo&vim " Limit the browser to related files if has("gui_win32") && !exists("b:browsefilter") let b:browsefilter = "Kimwitu/Kimwitu++ Files (*.k)\t*.k\n" . \ "Lex/Flex Files (*.l)\t*.l\n" . \ "Yacc/Bison Files (*.y)\t*.y\n" . \ "All Files (*.*)\t*.*\n" endif " Set the errorformat for the Kimwitu++ compiler set efm+=kc%.%#:\ error\ at\ %f:%l:\ %m if exists("b:undo_ftplugin") let b:undo_ftplugin = b:undo_ftplugin . " | setlocal efm<" \ . "| unlet! b:browsefiler" else let b:undo_ftplugin = "setlocal efm<" \ . "| unlet! b:browsefiler" endif let &cpo = s:cpo_save unlet s:cpo_save