Mercurial > vim

changeset 33130:3e4c08a8d637 v9.0.1847

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.1847: [security] potential oob write in do_addsub() Commit: https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57 Author: Christian Brabandt <cb@256bit.org> Date: Sat Sep 2 19:43:33 2023 +0200 patch 9.0.1847: [security] potential oob write in do_addsub() Problem: potential oob write in do_addsub() Solution: don't overflow buf2, check size in for loop() Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Sat, 02 Sep 2023 20:00:02 +0200
parents 93e2f3574adb
children c04e079f520f
files src/ops.c src/version.c
diffstat 2 files changed, 3 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/ops.c
+++ b/src/ops.c
@@ -2919,7 +2919,7 @@ do_addsub(
 	    for (bit = bits; bit > 0; bit--)
 		if ((n >> (bit - 1)) & 0x1) break;
 
-	    for (i = 0; bit > 0; bit--)
+	    for (i = 0; bit > 0 && i < (NUMBUFLEN - 1); bit--)
 		buf2[i++] = ((n >> (bit - 1)) & 0x1) ? '1' : '0';
 
 	    buf2[i] = '\0';
--- a/src/version.c
+++ b/src/version.c
@@ -700,6 +700,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1847,
+/**/
     1846,
 /**/
     1845,