Mercurial > vim
view runtime/plugin/tarPlugin.vim @ 33865:8cdb69ea3711 v9.0.2143
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Commit: https://github.com/vim/vim/commit/abfa13ebe92d81aaf66669c428d767847b577453
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Nov 30 11:32:18 2023 +0100
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Problem: [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating
When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer
beyond it's size, leading to a buffer-overlow.
So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.
Reported by @henices, thanks!
closes: #13596
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sun, 10 Dec 2023 15:16:05 +0100 |
parents | 29c5f168c6fd |
children | e003aedbf9e1 |
line wrap: on
line source
" tarPlugin.vim -- a Vim plugin for browsing tarfiles " Original was copyright (c) 2002, Michael C. Toren <mct@toren.net> " Modified by Charles E. Campbell " Distributed under the GNU General Public License. " " Updates are available from <http://michael.toren.net/code/>. If you " find this script useful, or have suggestions for improvements, please " let me know. " Also look there for further comments and documentation. " " This part only sets the autocommands. The functions are in autoload/tar.vim. " --------------------------------------------------------------------- " Load Once: {{{1 if &cp || exists("g:loaded_tarPlugin") finish endif let g:loaded_tarPlugin = "v32" let s:keepcpo = &cpo set cpo&vim " --------------------------------------------------------------------- " Public Interface: {{{1 augroup tar au! au BufReadCmd tarfile::* call tar#Read(expand("<amatch>"), 1) au FileReadCmd tarfile::* call tar#Read(expand("<amatch>"), 0) au BufWriteCmd tarfile::* call tar#Write(expand("<amatch>")) au FileWriteCmd tarfile::* call tar#Write(expand("<amatch>")) if has("unix") au BufReadCmd tarfile::*/* call tar#Read(expand("<amatch>"), 1) au FileReadCmd tarfile::*/* call tar#Read(expand("<amatch>"), 0) au BufWriteCmd tarfile::*/* call tar#Write(expand("<amatch>")) au FileWriteCmd tarfile::*/* call tar#Write(expand("<amatch>")) endif au BufReadCmd *.tar.gz call tar#Browse(expand("<amatch>")) au BufReadCmd *.tar call tar#Browse(expand("<amatch>")) au BufReadCmd *.lrp call tar#Browse(expand("<amatch>")) au BufReadCmd *.tar.bz2 call tar#Browse(expand("<amatch>")) au BufReadCmd *.tar.Z call tar#Browse(expand("<amatch>")) au BufReadCmd *.tbz call tar#Browse(expand("<amatch>")) au BufReadCmd *.tgz call tar#Browse(expand("<amatch>")) au BufReadCmd *.tar.lzma call tar#Browse(expand("<amatch>")) au BufReadCmd *.tar.xz call tar#Browse(expand("<amatch>")) au BufReadCmd *.txz call tar#Browse(expand("<amatch>")) au BufReadCmd *.tar.zst call tar#Browse(expand("<amatch>")) au BufReadCmd *.tzs call tar#Browse(expand("<amatch>")) augroup END com! -nargs=? -complete=file Vimuntar call tar#Vimuntar(<q-args>) " --------------------------------------------------------------------- " Restoration And Modelines: {{{1 " vim: fdm=marker let &cpo= s:keepcpo unlet s:keepcpo