Mercurial > vim
view src/osdef2.h.in @ 33581:403d57b06231 v9.0.2035
patch 9.0.2035: [security] use-after-free with wildmenu
Commit: https://github.com/vim/vim/commit/8f4fb007e4d472b09ff6bed9ffa485e0c3093699
Author: Yee Cheng Chin <ychin.git@gmail.com>
Date: Tue Oct 17 10:06:56 2023 +0200
patch 9.0.2035: [security] use-after-free with wildmenu
Problem: [security] use-after-free with wildmenu
Solution: properly clean up the wildmenu when exiting
Fix wildchar/wildmenu/pum memory corruption with special wildchar's
Currently, using `wildchar=<Esc>` or `wildchar=<C-\>` can lead to a
memory corruption if using wildmenu+pum, or wrong states if only using
wildmenu. This is due to the code only using one single place inside the
cmdline process loop to perform wild menu clean up (by checking
`end_wildmenu`) but there are other odd situations where the loop could
have exited and we need a post-loop clean up just to be sure. If the
clean up was not done you would have a stale popup menu referring to
invalid memory, or if not using popup menu, incorrect status line (if
`laststatus=0`).
For example, if you hit `<Esc>` two times when it's wildchar, there's a
hard-coded behavior to exit command-line as a failsafe for user, and if
you hit `<C-\><C-\><C-N>` it will also exit command-line, but the clean
up code would not have hit because of specialized `<C-\>` handling.
Fix Ctrl-E / Ctrl-Y to not cancel/accept wildmenu if they are also
used for 'wildchar'/'wildcharm'. Currently they don't behave properly,
and also have potentially memory unsafe behavior as the logic is
currently not accounting for this situation and try to do both.
(Previous patch that addressed this: #11677)
Also, correctly document Escape key behavior (double-hit it to escape)
in wildchar docs as it's previously undocumented.
In addition, block known invalid chars to be set in `wildchar` option,
such as Ctrl-C and `<CR>`. This is just to make it clear to the user
they shouldn't be set, and is not required for this bug fix.
closes: #13361
Signed-off-by: Christian Brabandt <cb@256bit.org>
Co-authored-by: Yee Cheng Chin <ychin.git@gmail.com>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Tue, 17 Oct 2023 10:15:08 +0200 |
parents | 9f3fd7937957 |
children |
line wrap: on
line source
/* * osdef2.h.in - See osdef1.h.in for a description. */ extern int remove(const char *); extern int rename(const char *, const char *); extern int free(char *); extern char *malloc(unsigned int); extern char *realloc(char *, int); extern char *getenv(char *); #ifndef __TANDEM extern int setenv(char *, char *, int); #else extern int setenv(const char *, const char *, int); #endif extern int putenv(const char *); #ifndef __TANDEM extern int gethostname(char *, int); #endif extern void perror(char *); #ifndef __TANDEM extern int sleep(int); #endif extern int usleep(unsigned int); extern unsigned int alarm(unsigned int); #ifndef __TANDEM extern int chdir(char *); #endif extern int fchdir(int); #ifndef stat /* could be redefined to stat64() */ extern int stat(const char *, struct stat *); #endif #ifndef lstat /* could be redefined to lstat64() */ extern int lstat(const char *, struct stat *); #endif extern int fstat(int, struct stat *); extern int open(const char *, int, ...); extern int close(int); #ifndef __TANDEM extern int read(int, char *, size_t); extern int write(int, char *, size_t); #endif extern int pipe(int *); extern off_t lseek(int, off_t, int); extern void sync(void); extern uid_t getuid(void); extern gid_t getgid(void); extern void qsort(void *, size_t, size_t, int (*)(const void *, const void *)); extern int isatty(int); extern int getpid(void); extern int dup(int); extern int unlink(const char *); extern int link(const char *, const char *); extern int mkdir(const char *, mode_t); extern int rmdir(const char *); extern int tgetent(char *, char *); extern int tgetnum(char *); extern int tgetflag(char *); extern char *tgoto(char *, int, int); extern int tputs(char *, int, int (*)(int)); #ifdef HAVE_TERMIOS_H struct termios; /* for tcgetattr() */ extern int tcgetattr(int, struct termios *); extern int tcsetattr(int, int, const struct termios *); #endif #ifdef HAVE_SYS_STATFS_H struct statfs; /* for fstatfs() */ extern int fstatfs(int, struct statfs *, int, int); #endif #ifdef HAVE_GETTIMEOFDAY struct timeval; /* for gettimeofday() */ struct timezone; /* for gettimeofday() */ extern int gettimeofday(struct timeval *tp, struct timezone *tzp); extern time_t time(time_t *); #endif #ifdef HAVE_GETPWNAM struct passwd; /* for getpwnam() */ extern struct passwd *getpwnam(const char *); #endif #ifdef USE_TMPNAM extern char *tmpnam(char *); #else extern char *mktemp(char *); #endif #ifdef ISC extern int _Xmblen(char const *, size_t); #else /* This is different from the header but matches mblen() */ extern int _Xmblen(char *, size_t); #endif