view READMEdir/README_bindos.txt @ 33829:f0132690cdf9 v9.0.2129
patch 9.0.2129: [security]: use-after-free in call_dfunc()
Commit: https://github.com/vim/vim/commit/a555069b7d790abedc60edc505bd35bda257949d
Author: mityu <mityu.mail@gmail.com>
Date: Sat Nov 25 15:41:20 2023 +0100
patch 9.0.2129: [security]: use-after-free in call_dfunc()
Problem: [security]: use-after-free in call_dfunc()
Solution: Refresh dfunc pointer
closes: #13571
This commit fixes a SEGV caused by a use-after-free bug in call_dfunc().
When calling check_ufunc_arg_types() from call_dfunc(), it may cause
def functions to be re-compiled, and if there are too many def functions,
the def_functions array will be re-allocated, which means that the
dfunc pointer in call_dfunc() now starts pointing to freed memory.
So we need to reset the dfunc pointer after calling
check_ufunc_arg_types().
Let's also add a test, to ensure we do not regress.
Signed-off-by: mityu <mityu.mail@gmail.com>
Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sat, 25 Nov 2023 16:00:03 +0100 |
parents | f8116058ca76 |
children | 4635e43f2c6f |
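The stale-pointer pattern the commit message describes, as an added C example that is not Vim's code: `entry_T`, `table_add`, `check_args` and `call_entry` are hypothetical stand-ins for the `def_functions` array, the re-compilation triggered by `check_ufunc_arg_types()`, and `call_dfunc()`. It keeps the index across the call and re-derives the element pointer afterwards, which is the "refresh" the fix applies.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one slot of a growable function table. */
typedef struct { int id; } entry_T;

static entry_T *table = NULL;
static size_t table_len = 0, table_cap = 0;

/* Append an entry. Growth allocates the new block before freeing the old
 * one, so every growth moves the table and invalidates element pointers. */
static int table_add(int id)
{
    if (table_len == table_cap) {
        size_t ncap = table_cap ? table_cap * 2 : 2;
        entry_T *n = malloc(ncap * sizeof *n);
        if (n == NULL) return -1;
        if (table_len > 0)
            memcpy(n, table, table_len * sizeof *n);
        free(table);
        table = n;
        table_cap = ncap;
    }
    table[table_len].id = id;
    return (int)table_len++;
}

/* Stand-in for a check whose side effect registers more entries. */
static int check_args(int extra)
{
    for (int i = 0; i < extra; i++)
        if (table_add(1000 + i) < 0) return -1;
    return 0;
}

/* Caller with the fix applied: keep the index, re-derive the pointer after
 * the call that may grow the table. *moved reports whether the pointer
 * taken before the call would have been dangling. */
static int call_entry(int idx, int extra, int *moved)
{
    entry_T *e = &table[idx];
    uintptr_t before = (uintptr_t)e; /* integer copy, safe to compare later */
    if (check_args(extra) < 0) return -1;
    e = &table[idx];                 /* refresh: never reuse the old pointer */
    *moved = ((uintptr_t)e != before);
    return e->id;
}
```

When `moved` is 1, any read through the pointer taken before `check_args()` would have touched freed memory; holding the index instead of the pointer is what makes the refresh possible.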
README_bindos.txt for version 9.0 of Vim: Vi IMproved.

See "README.txt" for general information about Vim.
See "README_dos.txt" for installation instructions for MS-DOS and MS-Windows.
These files are in the runtime archive (vim90rt.zip).

There are several binary distributions of Vim for the PC. You would normally
pick only one of them, but it's also possible to install several.
These ones are available (the version number may differ):
    vim90w32.zip    Windows 95/98/NT/etc. console version
    gvim90.zip      Windows 95/98/NT/etc. GUI version
    gvim90ole.zip   Windows 95/98/NT/etc. GUI version with OLE

You MUST also get the runtime archive (vim90rt.zip).
The sources are also available (vim90src.zip).