patch 9.0.2158: [security]: use-after-free in check_argument_type Commit: https://github.com/vim/vim/commit/0f28791b215bd4c22ed580839409c2f7d39d8140 Author: Christian Brabandt <cb@256bit.org> Date: Mon Dec 11 17:53:25 2023 +0100 patch 9.0.2158: [security]: use-after-free in check_argument_type Problem: [security]: use-after-free in check_argument_type Solution: Reset function type pointer when freeing the function type list function pointer fp->uf_func_type may point to the same memory, that was allocated for fp->uf_type_list. However, when cleaning up a function definition (e.g. because it was invalid), fp->uf_type_list will be freed, but fp->uf_func_type may still point to the same (now) invalid memory address. So when freeing the fp->uf_type_list, check if fp->func_type points to any of those types and if it does, reset the fp->uf_func_type pointer to the t_func_any (default) type pointer closes: #13652 Signed-off-by: Christian Brabandt <cb@256bit.org>

start
test text test text
test text test text
test text test text
test text test text
test text test text
test text test text
test text test text  x61
test text test text  x60-x64
test text test text  x78 5
test text test text  o143
test text test text  o140-o144
test text test text  o41 7
test text test text  \%x42
test text test text  \%o103
test text test text  [\x00]
test text test text  [\x00-\x10]
test text test text  [\x-z]
test text test text  [\u-z]
xx  xx a
xx aaaaa xx a
xx aaaaa xx a
xx Aaa xx
xx Aaaa xx
xx Aaa xx
xx foobar xA xx
xx an A xx
XX 9;
YY 77;
 xyz 
 bcd
 BB