Mercurial > vim
view src/proto/change.pro @ 33802:b857615e5d42 v9.0.2117
patch 9.0.2117: [security] use-after-free in qf_free_items
Commit: https://github.com/vim/vim/commit/567cae2630a51efddc07eacff3b38a295e1f5671
Author: Christian Brabandt <cb@256bit.org>
Date: Sun Nov 19 16:19:27 2023 +0100
patch 9.0.2117: [security] use-after-free in qf_free_items
Problem: [security] use-after-free in qf_free_items
Solution: only access qfpnext, if it hasn't been freed
Coverity discovered a possible use-after-free in qf_free_items. When
freeing the qfline items, we may access freed memory, when qfp ==
qfpnext.
So only access qfpnext, when it hasn't been freed.
Signed-off-by: Christian Brabandt <cb@256bit.org>
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Tue, 21 Nov 2023 20:15:05 +0100 |
| parents | 9596c652420b |
| children |
line wrap: on
line source
/* change.c */ void change_warning(int col); void changed(void); void changed_internal(void); void f_listener_add(typval_T *argvars, typval_T *rettv); void f_listener_flush(typval_T *argvars, typval_T *rettv); void f_listener_remove(typval_T *argvars, typval_T *rettv); void may_invoke_listeners(buf_T *buf, linenr_T lnum, linenr_T lnume, int added); void invoke_listeners(buf_T *buf); void remove_listeners(buf_T *buf); void changed_bytes(linenr_T lnum, colnr_T col); void inserted_bytes(linenr_T lnum, colnr_T col, int added); void appended_lines(linenr_T lnum, long count); void appended_lines_mark(linenr_T lnum, long count); void deleted_lines(linenr_T lnum, long count); void deleted_lines_mark(linenr_T lnum, long count); void changed_lines_buf(buf_T *buf, linenr_T lnum, linenr_T lnume, long xtra); void changed_lines(linenr_T lnum, colnr_T col, linenr_T lnume, long xtra); void unchanged(buf_T *buf, int ff, int always_inc_changedtick); void save_file_ff(buf_T *buf); int file_ff_differs(buf_T *buf, int ignore_empty); void ins_bytes(char_u *p); void ins_bytes_len(char_u *p, int len); void ins_char(int c); void ins_char_bytes(char_u *buf, int charlen); void ins_str(char_u *s); int del_char(int fixpos); int del_chars(long count, int fixpos); int del_bytes(long count, int fixpos_arg, int use_delcombine); int open_line(int dir, int flags, int second_line_indent, int *did_do_comment); int truncate_line(int fixpos); void del_lines(long nlines, int undo); /* vim: set ft=c : */