Mercurial > vim

view READMEdir/Contents @ 33581:403d57b06231 v9.0.2035

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.2035: [security] use-after-free with wildmenu Commit: https://github.com/vim/vim/commit/8f4fb007e4d472b09ff6bed9ffa485e0c3093699 Author: Yee Cheng Chin <ychin.git@gmail.com> Date: Tue Oct 17 10:06:56 2023 +0200 patch 9.0.2035: [security] use-after-free with wildmenu Problem: [security] use-after-free with wildmenu Solution: properly clean up the wildmenu when exiting Fix wildchar/wildmenu/pum memory corruption with special wildchar's Currently, using `wildchar=<Esc>` or `wildchar=<C-\>` can lead to a memory corruption if using wildmenu+pum, or wrong states if only using wildmenu. This is due to the code only using one single place inside the cmdline process loop to perform wild menu clean up (by checking `end_wildmenu`) but there are other odd situations where the loop could have exited and we need a post-loop clean up just to be sure. If the clean up was not done you would have a stale popup menu referring to invalid memory, or if not using popup menu, incorrect status line (if `laststatus=0`). For example, if you hit `<Esc>` two times when it's wildchar, there's a hard-coded behavior to exit command-line as a failsafe for user, and if you hit `<C-\><C-\><C-N>` it will also exit command-line, but the clean up code would not have hit because of specialized `<C-\>` handling. Fix Ctrl-E / Ctrl-Y to not cancel/accept wildmenu if they are also used for 'wildchar'/'wildcharm'. Currently they don't behave properly, and also have potentially memory unsafe behavior as the logic is currently not accounting for this situation and try to do both. (Previous patch that addressed this: #11677) Also, correctly document Escape key behavior (double-hit it to escape) in wildchar docs as it's previously undocumented. In addition, block known invalid chars to be set in `wildchar` option, such as Ctrl-C and `<CR>`. This is just to make it clear to the user they shouldn't be set, and is not required for this bug fix. closes: #13361 Signed-off-by: Christian Brabandt <cb@256bit.org> Co-authored-by: Yee Cheng Chin <ychin.git@gmail.com>
author Christian Brabandt <cb@256bit.org>
date Tue, 17 Oct 2023 10:15:08 +0200
parents f8116058ca76
children 4635e43f2c6f
line wrap: on
line source

Vim		Vi IMproved.  A clone of the UNIX text editor Vi.  Very useful
		for editing programs and other plain ASCII text.  Full Vi
		compatibility and includes all Ex commands.  Extra features
		above Vi: Multilevel undo, multiple windows, syntax
		highlighting, command line history, folding, improved command
		line editing, command typeahead display, command to display
		yank buffers, possibility to edit binary files, file name
		stack, support for Manx QuickFix and other compiler's error
		messages, shows current file name in window title, on-line
		help, rectangular cut/paste, etc., etc., etc...

		Version 9.0.  Also runs under UNIX, MS-Windows, Mac, etc.
		vim90rt.tgz  contains the documentation and syntax files.
		vim90bin.tgz contains the binaries.
		vim90src.tgz contains the sources.
		Author: Bram Moolenaar et al.


Xxd		Hex dumper and reader.  Can be used to view files as hex, edit
		them and write them back.  Can also be used to patch files.

		Version 2022 Jan 14
		Author: Juergen Weigert