Mercurial > vim
view READMEdir/README_amibin.txt @ 33865:8cdb69ea3711 v9.0.2143
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Commit: https://github.com/vim/vim/commit/abfa13ebe92d81aaf66669c428d767847b577453
Author: Christian Brabandt <cb@256bit.org>
Date: Thu Nov 30 11:32:18 2023 +0100
patch 9.0.2143: [security]: buffer-overflow in ex_substitute
Problem: [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating
When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer
beyond it's size, leading to a buffer-overlow.
So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.
Reported by @henices, thanks!
closes: #13596
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sun, 10 Dec 2023 15:16:05 +0100 |
parents | f8116058ca76 |
children | 4635e43f2c6f |
line wrap: on
line source
README_amibin.txt for version 9.0 of Vim: Vi IMproved. See "README.txt" for general information about Vim. See "README_ami.txt" for installation instructions for the Amiga. These files are in the runtime archive (vim90rt.tgz). The Amiga "bin" archive contains the Vim executable for the Amiga. It was compiled with "big" features. Postscript printing is not included to avoid requiring floating point computations.