Commit Graph

1 Commits

Author SHA1 Message Date
zeertzjq
bebdf1dab3
vim-patch:9.0.1848: [security] buffer-overflow in vim_regsub_both() (#25001)
Problem:  buffer-overflow in vim_regsub_both()
Solution: Check remaining space

ced2c7394a

The change to do_sub() looks confusing. Maybe it's an overflow check?
Then the crash may not be applicable to Nvim because of different casts.
The test also looks confusing. It seems to source itself recursively.
Also don't call strlen() twice on evaluation result.

N/A patches for version.c:
vim-patch:9.0.1849: CI error on different signedness in ex_cmds.c
vim-patch:9.0.1853: CI error on different signedness in regexp.c

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-09-03 13:47:55 +08:00