Mercurial > vim
view src/GvimExt/gvimext_ming.def @ 33879:d418c82f02a4 v9.0.2149
patch 9.0.2149: [security]: use-after-free in exec_instructions()
Commit: https://github.com/vim/vim/commit/5dd41d4b6370b7b7d09d691f9252b3899c66102a
Author: Christian Brabandt <cb@256bit.org>
Date: Mon Dec 4 22:52:23 2023 +0100
patch 9.0.2149: [security]: use-after-free in exec_instructions()
Problem: [security]: use-after-free in exec_instructions()
Solution: get tv pointer again
[security]: use-after-free in exec_instructions()
exec_instructions may access freed memory, if the GA_GROWS_FAILS()
re-allocates memory. When this happens, the typval tv may still point to
now already freed memory. So let's get that pointer again and compare it
with tv. If those two pointers differ, tv is now invalid and we have to
refresh the tv pointer.
closes: #13621
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sun, 10 Dec 2023 15:16:17 +0100 |
parents | c3b4b1c89d8e |
children |
line wrap: on
line source
;gvimdef_ming.def : Declares the module parameters for the DLL. ;The mingw environment doesn't know anything about private declarations ;Hence this is the same file as gvimext.def with private removed LIBRARY gvimext ; DESCRIPTION 'Vim Shell Extension build with MinGW' EXPORTS DllCanUnloadNow = DllCanUnloadNow@0 DllGetClassObject = DllGetClassObject@12